| |
| /* |
| * Copyright (C) Igor Sysoev |
| * Copyright (C) Nginx, Inc. |
| */ |
| |
| |
| #include <ngx_config.h> |
| #include <ngx_core.h> |
| #include <ngx_http.h> |
| |
| |
/*
 * Prototypes for the file-local (static) handlers used in this file,
 * grouped the same way as the original declaration list.
 */

/* waiting for / reading the request line and headers */
static void ngx_http_wait_request_handler(ngx_event_t *ev);
static ngx_http_request_t *ngx_http_alloc_request(ngx_connection_t *c);
static void ngx_http_process_request_line(ngx_event_t *rev);
static void ngx_http_process_request_headers(ngx_event_t *rev);
static ssize_t ngx_http_read_request_header(ngx_http_request_t *r);
static ngx_int_t ngx_http_alloc_large_header_buffer(ngx_http_request_t *r,
    ngx_uint_t request_line);

/* per-header callbacks referenced from ngx_http_headers_in[] */
static ngx_int_t ngx_http_process_header_line(ngx_http_request_t *r,
    ngx_table_elt_t *h, ngx_uint_t offset);
static ngx_int_t ngx_http_process_unique_header_line(ngx_http_request_t *r,
    ngx_table_elt_t *h, ngx_uint_t offset);
static ngx_int_t ngx_http_process_multi_header_lines(ngx_http_request_t *r,
    ngx_table_elt_t *h, ngx_uint_t offset);
static ngx_int_t ngx_http_process_host(ngx_http_request_t *r,
    ngx_table_elt_t *h, ngx_uint_t offset);
static ngx_int_t ngx_http_process_connection(ngx_http_request_t *r,
    ngx_table_elt_t *h, ngx_uint_t offset);
static ngx_int_t ngx_http_process_user_agent(ngx_http_request_t *r,
    ngx_table_elt_t *h, ngx_uint_t offset);

/* host name validation and virtual server selection */
static ngx_int_t ngx_http_validate_host(ngx_str_t *host, ngx_pool_t *pool,
    ngx_uint_t alloc);
static ngx_int_t ngx_http_set_virtual_server(ngx_http_request_t *r,
    ngx_str_t *host);
static ngx_int_t ngx_http_find_virtual_server(ngx_connection_t *c,
    ngx_http_virtual_names_t *virtual_names, ngx_str_t *host,
    ngx_http_request_t *r, ngx_http_core_srv_conf_t **cscfp);

/* request event dispatch, termination and response writing */
static void ngx_http_request_handler(ngx_event_t *ev);
static void ngx_http_terminate_request(ngx_http_request_t *r, ngx_int_t rc);
static void ngx_http_terminate_handler(ngx_http_request_t *r);
static void ngx_http_finalize_connection(ngx_http_request_t *r);
static ngx_int_t ngx_http_set_write_handler(ngx_http_request_t *r);
static void ngx_http_writer(ngx_http_request_t *r);
static void ngx_http_request_finalizer(ngx_http_request_t *r);

/* keepalive, lingering close, post action, request close and logging */
static void ngx_http_set_keepalive(ngx_http_request_t *r);
static void ngx_http_keepalive_handler(ngx_event_t *ev);
static void ngx_http_set_lingering_close(ngx_connection_t *c);
static void ngx_http_lingering_close_handler(ngx_event_t *ev);
static ngx_int_t ngx_http_post_action(ngx_http_request_t *r);
static void ngx_http_close_request(ngx_http_request_t *r, ngx_int_t error);
static void ngx_http_log_request(ngx_http_request_t *r);

/* error-log context handlers */
static u_char *ngx_http_log_error(ngx_log_t *log, u_char *buf, size_t len);
static u_char *ngx_http_log_error_handler(ngx_http_request_t *r,
    ngx_http_request_t *sr, u_char *buf, size_t len);

/* TLS handshake entry points, only built with SSL support */
#if (NGX_HTTP_SSL)
static void ngx_http_ssl_handshake(ngx_event_t *rev);
static void ngx_http_ssl_handshake_handler(ngx_connection_t *c);
#endif
| |
| |
/*
 * Log messages for request-line parse failures.
 *
 * ngx_http_process_request_line() indexes this table with
 * (rc - NGX_HTTP_CLIENT_ERROR) and hands the entry to ngx_log_error() as the
 * format string.  The entries therefore have to stay in the order of the
 * parser codes named beside them and must not contain '%' conversions.
 */
static char *ngx_http_client_errors[] = {
    "client sent invalid method",       /* NGX_HTTP_PARSE_INVALID_METHOD */
    "client sent invalid request",      /* NGX_HTTP_PARSE_INVALID_REQUEST */
    "client sent invalid version",      /* NGX_HTTP_PARSE_INVALID_VERSION */

    /* NGX_HTTP_PARSE_INVALID_09_METHOD */
    "client sent invalid method in HTTP/0.9 request"
};
| |
| |
/*
 * Request headers that get a dedicated slot in ngx_http_headers_in_t.
 *
 * Each entry is { header name, offset of the slot, handler }.  The table is
 * terminated by an entry with a null name.  Which headers exist depends on
 * the build options tested by the #if blocks below.
 *
 * NOTE(review): the handler bodies are not part of this section.  Going by
 * their names, the "unique" handler is what guards single-valued headers such
 * as Content-Length, Transfer-Encoding and Authorization against duplicates,
 * and the "multi" handler collects repeated lines -- confirm against the
 * handler definitions before relying on this.
 */
ngx_http_header_t  ngx_http_headers_in[] = {

    { ngx_string("Host"),
      offsetof(ngx_http_headers_in_t, host),
      ngx_http_process_host },

    { ngx_string("Connection"),
      offsetof(ngx_http_headers_in_t, connection),
      ngx_http_process_connection },

    { ngx_string("If-Modified-Since"),
      offsetof(ngx_http_headers_in_t, if_modified_since),
      ngx_http_process_unique_header_line },

    { ngx_string("If-Unmodified-Since"),
      offsetof(ngx_http_headers_in_t, if_unmodified_since),
      ngx_http_process_unique_header_line },

    { ngx_string("If-Match"),
      offsetof(ngx_http_headers_in_t, if_match),
      ngx_http_process_unique_header_line },

    { ngx_string("If-None-Match"),
      offsetof(ngx_http_headers_in_t, if_none_match),
      ngx_http_process_unique_header_line },

    { ngx_string("User-Agent"),
      offsetof(ngx_http_headers_in_t, user_agent),
      ngx_http_process_user_agent },

    { ngx_string("Referer"),
      offsetof(ngx_http_headers_in_t, referer),
      ngx_http_process_header_line },

    { ngx_string("Content-Length"),
      offsetof(ngx_http_headers_in_t, content_length),
      ngx_http_process_unique_header_line },

    { ngx_string("Content-Range"),
      offsetof(ngx_http_headers_in_t, content_range),
      ngx_http_process_unique_header_line },

    { ngx_string("Content-Type"),
      offsetof(ngx_http_headers_in_t, content_type),
      ngx_http_process_header_line },

    { ngx_string("Range"),
      offsetof(ngx_http_headers_in_t, range),
      ngx_http_process_header_line },

    { ngx_string("If-Range"),
      offsetof(ngx_http_headers_in_t, if_range),
      ngx_http_process_unique_header_line },

    { ngx_string("Transfer-Encoding"),
      offsetof(ngx_http_headers_in_t, transfer_encoding),
      ngx_http_process_unique_header_line },

    { ngx_string("TE"),
      offsetof(ngx_http_headers_in_t, te),
      ngx_http_process_header_line },

    { ngx_string("Expect"),
      offsetof(ngx_http_headers_in_t, expect),
      ngx_http_process_unique_header_line },

    { ngx_string("Upgrade"),
      offsetof(ngx_http_headers_in_t, upgrade),
      ngx_http_process_header_line },

#if (NGX_HTTP_GZIP || NGX_HTTP_HEADERS || NGX_COMPAT)
    { ngx_string("Accept-Encoding"),
      offsetof(ngx_http_headers_in_t, accept_encoding),
      ngx_http_process_header_line },

    { ngx_string("Via"),
      offsetof(ngx_http_headers_in_t, via),
      ngx_http_process_header_line },
#endif

    { ngx_string("Authorization"),
      offsetof(ngx_http_headers_in_t, authorization),
      ngx_http_process_unique_header_line },

    { ngx_string("Keep-Alive"),
      offsetof(ngx_http_headers_in_t, keep_alive),
      ngx_http_process_header_line },

    /* client-supplied address headers; only present in some builds */
#if (NGX_HTTP_X_FORWARDED_FOR || NGX_COMPAT)
    { ngx_string("X-Forwarded-For"),
      offsetof(ngx_http_headers_in_t, x_forwarded_for),
      ngx_http_process_multi_header_lines },
#endif

#if (NGX_HTTP_REALIP || NGX_COMPAT)
    { ngx_string("X-Real-IP"),
      offsetof(ngx_http_headers_in_t, x_real_ip),
      ngx_http_process_header_line },
#endif

#if (NGX_HTTP_HEADERS || NGX_COMPAT)
    { ngx_string("Accept"),
      offsetof(ngx_http_headers_in_t, accept),
      ngx_http_process_header_line },

    { ngx_string("Accept-Language"),
      offsetof(ngx_http_headers_in_t, accept_language),
      ngx_http_process_header_line },
#endif

#if (NGX_HTTP_DAV || NGX_COMPAT)
    { ngx_string("Depth"),
      offsetof(ngx_http_headers_in_t, depth),
      ngx_http_process_header_line },

    { ngx_string("Destination"),
      offsetof(ngx_http_headers_in_t, destination),
      ngx_http_process_header_line },

    { ngx_string("Overwrite"),
      offsetof(ngx_http_headers_in_t, overwrite),
      ngx_http_process_header_line },

    { ngx_string("Date"),
      offsetof(ngx_http_headers_in_t, date),
      ngx_http_process_header_line },
#endif

    { ngx_string("Cookie"),
      offsetof(ngx_http_headers_in_t, cookies),
      ngx_http_process_multi_header_lines },

    /* terminator */
    { ngx_null_string, 0, NULL }
};
| |
| |
/*
 * Prepare a freshly accepted connection for HTTP processing.
 *
 * Allocates the per-connection ngx_http_connection_t, picks the address
 * configuration that matches the local address the client connected to,
 * installs the HTTP error-log context, chooses the first read handler
 * (plain request wait, HTTP/2 init or TLS handshake) and then either runs
 * or schedules that handler.  Any allocation or event failure closes the
 * connection.
 */
void
ngx_http_init_connection(ngx_connection_t *c)
{
    ngx_uint_t                 idx, multi;
    ngx_event_t               *rev;
    struct sockaddr_in        *sin;
    ngx_http_port_t           *port;
    ngx_http_in_addr_t        *addr;
    ngx_http_log_ctx_t        *ctx;
    ngx_http_connection_t     *hc;
    ngx_http_core_srv_conf_t  *cscf;
#if (NGX_HAVE_INET6)
    struct sockaddr_in6       *sin6;
    ngx_http_in6_addr_t       *addr6;
#endif

    hc = ngx_pcalloc(c->pool, sizeof(ngx_http_connection_t));
    if (hc == NULL) {
        ngx_http_close_connection(c);
        return;
    }

    c->data = hc;

    /* locate the server configuration for the local address:port */

    port = c->listening->servers;
    multi = (port->naddrs > 1);

    /*
     * With several addresses on the port, one of them is an "*:port"
     * wildcard, so the real local address has to be fetched before the
     * address table can be searched.
     */

    if (multi && ngx_connection_local_sockaddr(c, NULL, 0) != NGX_OK) {
        ngx_http_close_connection(c);
        return;
    }

    /* with a single address the first (only) entry is used as is */
    idx = 0;

    switch (c->local_sockaddr->sa_family) {

#if (NGX_HAVE_INET6)
    case AF_INET6:
        addr6 = port->addrs;

        if (multi) {
            sin6 = (struct sockaddr_in6 *) c->local_sockaddr;

            /*
             * the last entry is "*": it is never compared and is the
             * fallback when no explicit address matches
             */

            while (idx < port->naddrs - 1
                   && ngx_memcmp(&addr6[idx].addr6, &sin6->sin6_addr, 16) != 0)
            {
                idx++;
            }
        }

        hc->addr_conf = &addr6[idx].conf;
        break;
#endif

    default: /* AF_INET */
        addr = port->addrs;

        if (multi) {
            sin = (struct sockaddr_in *) c->local_sockaddr;

            /* the last entry is "*", see the AF_INET6 case */

            while (idx < port->naddrs - 1
                   && addr[idx].addr != sin->sin_addr.s_addr)
            {
                idx++;
            }
        }

        hc->addr_conf = &addr[idx].conf;
        break;
    }

    /* start with the default server of this address:port */
    hc->conf_ctx = hc->addr_conf->default_server->ctx;

    ctx = ngx_palloc(c->pool, sizeof(ngx_http_log_ctx_t));
    if (ctx == NULL) {
        ngx_http_close_connection(c);
        return;
    }

    ctx->connection = c;
    ctx->request = NULL;
    ctx->current_request = NULL;

    c->log->connection = c->number;
    c->log->handler = ngx_http_log_error;
    c->log->data = ctx;
    c->log->action = "waiting for request";

    c->log_error = NGX_ERROR_INFO;

    /*
     * Read handler selection.  The assignments below are ordered on purpose:
     * a later one overrides an earlier one, so on an address with both
     * HTTP/2 and SSL enabled the TLS handshake handler is the one installed.
     */

    rev = c->read;
    rev->handler = ngx_http_wait_request_handler;
    c->write->handler = ngx_http_empty_handler;

#if (NGX_HTTP_V2)
    if (hc->addr_conf->http2) {
        rev->handler = ngx_http_v2_init;
    }
#endif

#if (NGX_HTTP_SSL)
    {
    ngx_http_ssl_srv_conf_t  *sscf;

    sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module);

    if (sscf->enable || hc->addr_conf->ssl) {
        hc->ssl = 1;
        c->log->action = "SSL handshaking";
        rev->handler = ngx_http_ssl_handshake;
    }
    }
#endif

    /*
     * NOTE(review): the PROXY protocol header is expected purely because the
     * listening address is configured for it; nothing in this function looks
     * at who the peer is.  Such listeners should only be reachable from the
     * trusted proxy tier.
     */

    if (hc->addr_conf->proxy_protocol) {
        hc->proxy_protocol = 1;
        c->log->action = "reading PROXY protocol";
    }

    if (rev->ready) {
        /* data is already available: the deferred accept(), iocp */

        if (ngx_use_accept_mutex) {
            ngx_post_event(rev, &ngx_posted_events);
            return;
        }

        rev->handler(rev);
        return;
    }

    cscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_core_module);

    /* bound the wait for the first bytes and mark the idle connection reusable */
    ngx_add_timer(rev, cscf->client_header_timeout);
    ngx_reusable_connection(c, 1);

    if (ngx_handle_read_event(rev, 0) != NGX_OK) {
        ngx_http_close_connection(c);
    }
}
| |
| |
/*
 * Read handler for a connection that has not yet produced a request.
 *
 * Makes sure c->buffer has storage of client_header_buffer_size bytes, reads
 * the first bytes, optionally consumes a leading PROXY protocol header, and
 * then creates the request object and switches to request-line parsing.
 * Timeouts, a pending close, allocation failures, read errors and EOF all
 * close the connection.
 */
static void
ngx_http_wait_request_handler(ngx_event_t *rev)
{
    u_char                    *after_hdr;
    size_t                     bufsz;
    ssize_t                    nread;
    ngx_buf_t                 *hb;
    ngx_connection_t          *c;
    ngx_http_connection_t     *hc;
    ngx_http_core_srv_conf_t  *cscf;

    c = rev->data;

    ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, "http wait request handler");

    if (rev->timedout) {
        ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
        ngx_http_close_connection(c);
        return;
    }

    if (c->close) {
        ngx_http_close_connection(c);
        return;
    }

    hc = c->data;
    cscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_core_module);

    bufsz = cscf->client_header_buffer_size;

    hb = c->buffer;

    if (hb == NULL) {

        /* first use: create the buffer descriptor together with its storage */

        hb = ngx_create_temp_buf(c->pool, bufsz);
        if (hb == NULL) {
            ngx_http_close_connection(c);
            return;
        }

        c->buffer = hb;

    } else if (hb->start == NULL) {

        /* the storage was released while the connection was idle (see below) */

        hb->start = ngx_palloc(c->pool, bufsz);
        if (hb->start == NULL) {
            ngx_http_close_connection(c);
            return;
        }

        hb->pos = hb->start;
        hb->last = hb->start;
        hb->end = hb->last + bufsz;
    }

    nread = c->recv(c, hb->last, bufsz);

    if (nread == NGX_AGAIN) {

        if (!rev->timer_set) {
            ngx_add_timer(rev, cscf->client_header_timeout);
            ngx_reusable_connection(c, 1);
        }

        if (ngx_handle_read_event(rev, 0) != NGX_OK) {
            ngx_http_close_connection(c);
            return;
        }

        /*
         * Try not to keep c->buffer's memory pinned for an idle connection;
         * start is cleared only when the pool really released the block.
         */

        if (ngx_pfree(c->pool, hb->start) == NGX_OK) {
            hb->start = NULL;
        }

        return;
    }

    if (nread == NGX_ERROR) {
        ngx_http_close_connection(c);
        return;
    }

    if (nread == 0) {
        ngx_log_error(NGX_LOG_INFO, c->log, 0,
                      "client closed connection");
        ngx_http_close_connection(c);
        return;
    }

    hb->last += nread;

    if (hc->proxy_protocol) {

        /* the PROXY header is parsed once per connection */
        hc->proxy_protocol = 0;

        after_hdr = ngx_proxy_protocol_read(c, hb->pos, hb->last);

        if (after_hdr == NULL) {
            ngx_http_close_connection(c);
            return;
        }

        hb->pos = after_hdr;

        if (hb->pos == hb->last) {

            /* only the header arrived so far: rewind and wait for the request */

            c->log->action = "waiting for request";
            hb->pos = hb->start;
            hb->last = hb->start;
            ngx_post_event(rev, &ngx_posted_events);
            return;
        }
    }

    c->log->action = "reading client request line";

    ngx_reusable_connection(c, 0);

    /* from here on c->data refers to the request, not the http connection */
    c->data = ngx_http_create_request(c);
    if (c->data == NULL) {
        ngx_http_close_connection(c);
        return;
    }

    rev->handler = ngx_http_process_request_line;
    ngx_http_process_request_line(rev);
}
| |
| |
/*
 * Allocate a request for connection c and attach it to the connection's
 * bookkeeping: the per-connection request counter, the error log selected by
 * the request's location configuration, and the log context.
 *
 * Returns the new request, or NULL if ngx_http_alloc_request() failed.
 */
ngx_http_request_t *
ngx_http_create_request(ngx_connection_t *c)
{
    ngx_http_request_t        *req;
    ngx_http_log_ctx_t        *log_ctx;
    ngx_http_core_loc_conf_t  *clcf;

    req = ngx_http_alloc_request(c);
    if (req == NULL) {
        return NULL;
    }

    c->requests++;

    clcf = ngx_http_get_module_loc_conf(req, ngx_http_core_module);

    ngx_set_connection_log(c, clcf->error_log);

    /* error messages logged from now on are attributed to this request */
    log_ctx = c->log->data;
    log_ctx->request = req;
    log_ctx->current_request = req;

#if (NGX_STAT_STUB)
    (void) ngx_atomic_fetch_add(ngx_stat_reading, 1);
    req->stat_reading = 1;
    (void) ngx_atomic_fetch_add(ngx_stat_requests, 1);
#endif

    return req;
}
| |
| |
/*
 * Create a request object in its own memory pool and set its defaults.
 *
 * The pool is sized by request_pool_size of the connection's current server
 * configuration.  The request, its output header and trailer lists, the
 * module context array and the variable cache all live in that pool, so a
 * failure at any step is undone by destroying the pool.
 *
 * Returns the initialized request or NULL on allocation failure.
 */
static ngx_http_request_t *
ngx_http_alloc_request(ngx_connection_t *c)
{
    ngx_pool_t                 *pool;
    ngx_time_t                 *now;
    ngx_http_request_t         *r;
    ngx_http_connection_t      *hc;
    ngx_http_core_srv_conf_t   *cscf;
    ngx_http_core_main_conf_t  *cmcf;

    hc = c->data;

    cscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_core_module);

    pool = ngx_create_pool(cscf->request_pool_size, c->log);
    if (pool == NULL) {
        return NULL;
    }

    r = ngx_pcalloc(pool, sizeof(ngx_http_request_t));
    if (r == NULL) {
        goto failed;
    }

    r->pool = pool;

    r->http_connection = hc;
    r->signature = NGX_HTTP_MODULE;
    r->connection = c;

    /* inherit the configuration selected for the connection so far */
    r->main_conf = hc->conf_ctx->main_conf;
    r->srv_conf = hc->conf_ctx->srv_conf;
    r->loc_conf = hc->conf_ctx->loc_conf;

    r->read_event_handler = ngx_http_block_reading;

    /* input comes from a busy large header buffer if one exists */
    if (hc->busy) {
        r->header_in = hc->busy->buf;

    } else {
        r->header_in = c->buffer;
    }

    if (ngx_list_init(&r->headers_out.headers, pool, 20,
                      sizeof(ngx_table_elt_t))
        != NGX_OK)
    {
        goto failed;
    }

    if (ngx_list_init(&r->headers_out.trailers, pool, 4,
                      sizeof(ngx_table_elt_t))
        != NGX_OK)
    {
        goto failed;
    }

    /* one context slot per HTTP module */
    r->ctx = ngx_pcalloc(pool, sizeof(void *) * ngx_http_max_module);
    if (r->ctx == NULL) {
        goto failed;
    }

    cmcf = ngx_http_get_module_main_conf(r, ngx_http_core_module);

    /* one cached value per configured variable */
    r->variables = ngx_pcalloc(pool, cmcf->variables.nelts
                                     * sizeof(ngx_http_variable_value_t));
    if (r->variables == NULL) {
        goto failed;
    }

#if (NGX_HTTP_SSL)
    if (c->ssl && !c->ssl->sendfile) {
        r->main_filter_need_in_memory = 1;
    }
#endif

    /* a new request is its own main request and holds one reference */
    r->main = r;
    r->count = 1;

    now = ngx_timeofday();
    r->start_sec = now->sec;
    r->start_msec = now->msec;

    r->method = NGX_HTTP_UNKNOWN;
    r->http_version = NGX_HTTP_VERSION_10;

    /* -1 is the initial value of the length and time fields */
    r->headers_in.content_length_n = -1;
    r->headers_in.keep_alive_n = -1;
    r->headers_out.content_length_n = -1;
    r->headers_out.last_modified_time = -1;

    /* budgets for internal redirects and nested subrequests */
    r->uri_changes = NGX_HTTP_MAX_URI_CHANGES + 1;
    r->subrequests = NGX_HTTP_MAX_SUBREQUESTS + 1;

    r->http_state = NGX_HTTP_READING_REQUEST_STATE;

    r->log_handler = ngx_http_log_error_handler;

    return r;

failed:

    /* everything allocated above belongs to the pool */
    ngx_destroy_pool(pool);

    return NULL;
}
| |
| |
| #if (NGX_HTTP_SSL) |
| |
/*
 * First read handler on an SSL-enabled address.
 *
 * Peeks at the incoming data without consuming it (MSG_PEEK).  If a PROXY
 * protocol header is expected it is parsed from the peeked bytes and then
 * consumed from the socket.  The first byte after that decides the path:
 * a TLS/SSL record starts the handshake, anything else is handed to the
 * plain HTTP request handler.  Timeouts, a pending close, recv() errors and
 * EOF close the connection.
 */
static void
ngx_http_ssl_handshake(ngx_event_t *rev)
{
    u_char                    *rest, peek[NGX_PROXY_PROTOCOL_MAX_HEADER + 1];
    size_t                     want;
    ssize_t                    got;
    ngx_err_t                  err;
    ngx_int_t                  rc;
    ngx_connection_t          *c;
    ngx_http_connection_t     *hc;
    ngx_http_ssl_srv_conf_t   *sscf;
    ngx_http_core_loc_conf_t  *clcf;
    ngx_http_core_srv_conf_t  *cscf;

    c = rev->data;
    hc = c->data;

    ngx_log_debug0(NGX_LOG_DEBUG_HTTP, rev->log, 0,
                   "http check ssl handshake");

    if (rev->timedout) {
        ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
        ngx_http_close_connection(c);
        return;
    }

    if (c->close) {
        ngx_http_close_connection(c);
        return;
    }

    /*
     * One byte is enough to recognize a TLS record.  With PROXY protocol the
     * whole peek buffer is requested; it is one byte larger than the maximum
     * header so the byte following the header can be inspected as well.
     */

    want = hc->proxy_protocol ? sizeof(peek) : 1;

    got = recv(c->fd, (char *) peek, want, MSG_PEEK);

    /* capture the socket error before any other call can overwrite it */
    err = ngx_socket_errno;

    ngx_log_debug1(NGX_LOG_DEBUG_HTTP, rev->log, 0, "http recv(): %z", got);

    if (got == -1) {

        if (err != NGX_EAGAIN) {
            ngx_connection_error(c, err, "recv() failed");
            ngx_http_close_connection(c);

            return;
        }

        /* nothing to read yet: arm the header timeout and wait */

        rev->ready = 0;

        if (!rev->timer_set) {
            cscf = ngx_http_get_module_srv_conf(hc->conf_ctx,
                                                ngx_http_core_module);
            ngx_add_timer(rev, cscf->client_header_timeout);
            ngx_reusable_connection(c, 1);
        }

        if (ngx_handle_read_event(rev, 0) != NGX_OK) {
            ngx_http_close_connection(c);
        }

        return;
    }

    if (hc->proxy_protocol) {

        /* the PROXY header is parsed once per connection */
        hc->proxy_protocol = 0;

        rest = ngx_proxy_protocol_read(c, peek, peek + got);

        if (rest == NULL) {
            ngx_http_close_connection(c);
            return;
        }

        /* the data was only peeked: now consume exactly the header bytes */

        want = rest - peek;

        if (c->recv(c, peek, want) != (ssize_t) want) {
            ngx_http_close_connection(c);
            return;
        }

        c->log->action = "SSL handshaking";

        if (got == (ssize_t) want) {

            /* nothing followed the header yet, run this handler again later */

            ngx_post_event(rev, &ngx_posted_events);
            return;
        }

        /* continue as if only the first byte after the header was peeked */
        got = 1;
        peek[0] = *rest;
    }

    if (got != 1) {
        ngx_log_error(NGX_LOG_INFO, c->log, 0, "client closed connection");
        ngx_http_close_connection(c);
        return;
    }

    if (!((peek[0] & 0x80) /* SSLv2 */ || peek[0] == 0x16 /* SSLv3/TLSv1 */)) {

        /* not a TLS record: treat the connection as plain HTTP */

        ngx_log_debug0(NGX_LOG_DEBUG_HTTP, rev->log, 0, "plain http");

        c->log->action = "waiting for request";

        rev->handler = ngx_http_wait_request_handler;
        ngx_http_wait_request_handler(rev);

        return;
    }

    ngx_log_debug1(NGX_LOG_DEBUG_HTTP, rev->log, 0,
                   "https ssl handshake: 0x%02Xd", peek[0]);

    clcf = ngx_http_get_module_loc_conf(hc->conf_ctx,
                                        ngx_http_core_module);

    if (clcf->tcp_nodelay && ngx_tcp_nodelay(c) != NGX_OK) {
        ngx_http_close_connection(c);
        return;
    }

    sscf = ngx_http_get_module_srv_conf(hc->conf_ctx,
                                        ngx_http_ssl_module);

    if (ngx_ssl_create_connection(&sscf->ssl, c, NGX_SSL_BUFFER)
        != NGX_OK)
    {
        ngx_http_close_connection(c);
        return;
    }

    ngx_reusable_connection(c, 0);

    rc = ngx_ssl_handshake(c);

    if (rc == NGX_AGAIN) {

        /* handshake in progress: keep it bounded by the header timeout */

        if (!rev->timer_set) {
            cscf = ngx_http_get_module_srv_conf(hc->conf_ctx,
                                                ngx_http_core_module);
            ngx_add_timer(rev, cscf->client_header_timeout);
        }

        c->ssl->handler = ngx_http_ssl_handshake_handler;
        return;
    }

    /* finished (or failed) synchronously; the handler checks which */
    ngx_http_ssl_handshake_handler(c);
}
| |
| |
/*
 * Called once the TLS handshake has finished, successfully or not.
 *
 * A failed handshake closes the connection (logging a timeout if that was
 * the cause).  After a successful one the connection is handed to HTTP/2
 * when the address allows it and ALPN selected "h2", otherwise to the
 * HTTP/1.x request wait handler.
 */
static void
ngx_http_ssl_handshake_handler(ngx_connection_t *c)
{
    if (!c->ssl->handshaked) {

        if (c->read->timedout) {
            ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT,
                          "client timed out");
        }

        ngx_http_close_connection(c);
        return;
    }

    /*
     * Most browsers never send the "close notify" alert (MSIE, old Mozilla,
     * Netscape 4, Konqueror and Links among them), and MSIE additionally
     * ignores the alert sent by the server.
     *
     * Opera and recent Mozilla do send it.
     */

    c->ssl->no_wait_shutdown = 1;

#if (NGX_HTTP_V2                                                              \
     && defined TLSEXT_TYPE_application_layer_protocol_negotiation)
    {
    unsigned int            alpn_len;
    const unsigned char    *alpn;
    ngx_http_connection_t  *hc;

    hc = c->data;

    if (hc->addr_conf->http2) {

        SSL_get0_alpn_selected(c->ssl->connection, &alpn, &alpn_len);

        /* the length is tested first, so alpn is only read when it is set */
        if (alpn_len == 2 && alpn[0] == 'h' && alpn[1] == '2') {
            ngx_http_v2_init(c->read);
            return;
        }
    }
    }
#endif

    c->log->action = "waiting for request";

    c->read->handler = ngx_http_wait_request_handler;
    /* STUB: epoll edge */ c->write->handler = ngx_http_empty_handler;

    ngx_reusable_connection(c, 1);

    ngx_http_wait_request_handler(c->read);
}
| |
| |
| #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME |
| |
| #if defined(OPENSSL_IS_BORINGSSL) |
| |
/*
 * BoringSSL early (select certificate) callback.
 *
 * Extracts the SNI host name from the raw ClientHello, validates the shape
 * of the extension, and runs ngx_http_ssl_servername() with the name so the
 * virtual server is chosen before the regular callback fires.
 *
 * Returns ssl_select_cert_success when there is no SNI extension or the
 * name was processed, and ssl_select_cert_error for a malformed extension,
 * an allocation failure or an internal error in the servername callback.
 */
enum ssl_select_cert_result_t
ngx_http_ssl_client_hello(const SSL_CLIENT_HELLO *client_hello)
{
    CBS                ext, names, host_name;
    int                alert, rc;
    size_t             ext_len;
    uint8_t            name_type;
    ngx_str_t          hostname;
    const uint8_t     *ext_data;
    ngx_connection_t  *c;

    /* Based on BoringSSL's ext_sni_parse_clienthello(). */

    if (SSL_early_callback_ctx_extension_get(client_hello,
                                             TLSEXT_TYPE_server_name,
                                             &ext_data, &ext_len)
        == 0)
    {
        /* no SNI sent by the client */
        return ssl_select_cert_success;
    }

    CBS_init(&ext, ext_data, ext_len);

    /*
     * Exactly one name entry is accepted: list length, one type byte, one
     * length-prefixed name, and no trailing bytes at either level.
     */

    if (CBS_get_u16_length_prefixed(&ext, &names) == 0
        || CBS_get_u8(&names, &name_type) == 0
        || CBS_get_u16_length_prefixed(&names, &host_name) == 0
        || CBS_len(&names) != 0
        || CBS_len(&ext) != 0)
    {
        return ssl_select_cert_error;
    }

    /* the name must be a non-empty host_name of legal size without NULs */

    if (name_type != TLSEXT_NAMETYPE_host_name
        || CBS_len(&host_name) == 0
        || CBS_len(&host_name) > TLSEXT_MAXLEN_host_name
        || CBS_contains_zero_byte(&host_name))
    {
        return ssl_select_cert_error;
    }

    /* Store requested server name and call the regular callback. */

    c = ngx_ssl_get_connection(client_hello->ssl);

    /* the callback takes a C string, so copy and NUL-terminate the name */

    hostname.len = CBS_len(&host_name);
    hostname.data = ngx_pnalloc(c->pool, hostname.len + 1);
    if (hostname.data == NULL) {
        return ssl_select_cert_error;
    }

    ngx_memcpy(hostname.data, CBS_data(&host_name), hostname.len);
    hostname.data[hostname.len] = '\0';

    rc = ngx_http_ssl_servername(client_hello->ssl, &alert, hostname.data);

    /*
     * BoringSSL cannot send a specific alert from the early callback, so
     * only an internal error aborts here.  For any other alert (e.g.
     * unrecognized name) the handshake continues and the regular callback
     * sends the desired alert.  "alert" is read only after rc is known to
     * be fatal.
     */

    if (rc == SSL_TLSEXT_ERR_ALERT_FATAL && alert == SSL_AD_INTERNAL_ERROR) {
        return ssl_select_cert_error;
    }

    return ssl_select_cert_success;
}
| |
| #elif defined(SSL_CLIENT_HELLO_CB) |
| |
/*
 * OpenSSL ClientHello callback.
 *
 * Parses the server_name extension by hand, accepting exactly one host_name
 * entry, and runs ngx_http_ssl_servername() with the extracted name.
 *
 * Returns SSL_CLIENT_HELLO_SUCCESS when no SNI extension is present or the
 * servername callback returned SSL_TLSEXT_ERR_OK; SSL_CLIENT_HELLO_ERROR for
 * a malformed extension, an allocation failure or any other callback result.
 * The "arg" parameter is not used here.
 */
int
ngx_http_ssl_client_hello(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg)
{
    int                   rc;
    size_t                field_len, left;
    ngx_str_t             hostname;
    ngx_connection_t     *c;
    const unsigned char  *cur;

    /* Based on OpenSSL's client_hello_select_server_ctx(). */

    if (SSL_client_hello_get0_ext(ssl_conn, TLSEXT_TYPE_server_name,
                                  &cur, &left)
        == 0)
    {
        /* no SNI sent by the client */
        return SSL_CLIENT_HELLO_SUCCESS;
    }

    /* the name list needs its 2-byte length plus at least one more byte */

    if (left <= 2) {
        return SSL_CLIENT_HELLO_ERROR;
    }

    field_len = (size_t) cur[0] << 8;
    field_len += cur[1];
    cur += 2;

    /* the list must fill the extension exactly */

    if (field_len + 2 != left) {
        return SSL_CLIENT_HELLO_ERROR;
    }

    left -= 2;

    if (left == 0) {
        return SSL_CLIENT_HELLO_ERROR;
    }

    if (*cur++ != TLSEXT_NAMETYPE_host_name) {
        return SSL_CLIENT_HELLO_ERROR;
    }

    left--;

    /* the name needs its 2-byte length plus at least one more byte */

    if (left <= 2) {
        return SSL_CLIENT_HELLO_ERROR;
    }

    field_len = (size_t) cur[0] << 8;
    field_len += cur[1];
    cur += 2;

    /*
     * The single name must fill the rest of the list exactly; once this
     * holds, cur[0 .. field_len - 1] lies inside the extension data.
     */

    if (field_len + 2 != left) {
        return SSL_CLIENT_HELLO_ERROR;
    }

    if (field_len == 0 || field_len > TLSEXT_MAXLEN_host_name) {
        return SSL_CLIENT_HELLO_ERROR;
    }

    /* embedded NULs would truncate the name once it is used as a C string */

    if (memchr(cur, 0, field_len) != NULL) {
        return SSL_CLIENT_HELLO_ERROR;
    }

    /* Store requested server name and call the regular callback. */

    c = ngx_ssl_get_connection(ssl_conn);

    hostname.len = field_len;
    hostname.data = ngx_pnalloc(c->pool, hostname.len + 1);
    if (hostname.data == NULL) {
        return SSL_CLIENT_HELLO_ERROR;
    }

    ngx_memcpy(hostname.data, cur, hostname.len);
    hostname.data[hostname.len] = '\0';

    rc = ngx_http_ssl_servername(ssl_conn, ad, hostname.data);

    if (rc == SSL_TLSEXT_ERR_OK) {
        return SSL_CLIENT_HELLO_SUCCESS;
    }

    return SSL_CLIENT_HELLO_ERROR;
}
| |
| #endif |
| |
/*
 * TLS server name (SNI) callback: select the virtual server for a handshake.
 *
 * The requested name is validated, looked up among the virtual names of the
 * address, and on a match the connection is switched to that server's
 * configuration, error log and SSL context.  A missing, empty, invalid or
 * unknown name leaves the default server in place.
 *
 * Returns SSL_TLSEXT_ERR_OK to continue, or SSL_TLSEXT_ERR_ALERT_FATAL with
 * *ad set to:
 *   SSL_AD_NO_RENEGOTIATION   when called after the handshake completed,
 *   SSL_AD_UNRECOGNIZED_NAME  when the selected server rejects handshakes,
 *   SSL_AD_INTERNAL_ERROR     on allocation or lookup errors.
 *
 * NOTE(review): with the early-callback builds a non-NULL "arg" is read as
 * a NUL-terminated host name.  That is what the ClientHello callbacks in
 * this file pass; presumably the regular callback is registered with a NULL
 * argument -- confirm at the registration site.
 */
int
ngx_http_ssl_servername(ngx_ssl_conn_t *ssl_conn, int *ad, void *arg)
{
    ngx_int_t                  rc;
    ngx_str_t                  host;
    const char                *sni;
    ngx_connection_t          *c;
    ngx_http_connection_t     *hc;
    ngx_http_ssl_srv_conf_t   *sscf;
    ngx_http_core_loc_conf_t  *clcf;
    ngx_http_core_srv_conf_t  *cscf;

    c = ngx_ssl_get_connection(ssl_conn);

    if (c->ssl->handshaked) {
        /* a servername callback after the handshake means renegotiation */
        *ad = SSL_AD_NO_RENEGOTIATION;
        return SSL_TLSEXT_ERR_ALERT_FATAL;
    }

    hc = c->data;

    sni = NULL;

#if defined(OPENSSL_IS_BORINGSSL) || defined(SSL_CLIENT_HELLO_CB)
    if (hc->ssl_servername) {
        /* This function was already called from the early callback. */
        goto done;
    }

    sni = (const char *) arg;
#endif

    if (sni == NULL) {
        sni = SSL_get_servername(ssl_conn, TLSEXT_NAMETYPE_host_name);
    }

    if (sni == NULL) {
        ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0,
                       "SSL server name: null");
        goto done;
    }

    ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0,
                   "SSL server name: \"%s\"", sni);

    host.len = ngx_strlen(sni);

    if (host.len == 0) {
        goto done;
    }

    host.data = (u_char *) sni;

    /* the client-supplied name is validated before it is used for lookup */
    rc = ngx_http_validate_host(&host, c->pool, 1);

    if (rc == NGX_ERROR) {
        goto error;
    }

    if (rc == NGX_DECLINED) {
        goto done;
    }

    rc = ngx_http_find_virtual_server(c, hc->addr_conf->virtual_names, &host,
                                      NULL, &cscf);

    if (rc == NGX_ERROR) {
        goto error;
    }

    if (rc == NGX_DECLINED) {
        goto done;
    }

    /* remember the name and switch the connection to the matched server */

    hc->ssl_servername = ngx_palloc(c->pool, sizeof(ngx_str_t));
    if (hc->ssl_servername == NULL) {
        goto error;
    }

    *hc->ssl_servername = host;

    hc->conf_ctx = cscf->ctx;

    clcf = ngx_http_get_module_loc_conf(hc->conf_ctx, ngx_http_core_module);

    ngx_set_connection_log(c, clcf->error_log);

    sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module);

    c->ssl->buffer_size = sscf->buffer_size;

    if (sscf->ssl.ctx && sscf->ssl.ctx != SSL_get_SSL_CTX(ssl_conn)) {

        if (SSL_set_SSL_CTX(ssl_conn, sscf->ssl.ctx) == NULL) {
            goto error;
        }

        /*
         * SSL_set_SSL_CTX() only changes certs as of 1.0.0d, so the client
         * verification settings and the options of the selected server are
         * copied to the connection by hand.
         */

        SSL_set_verify(ssl_conn, SSL_CTX_get_verify_mode(sscf->ssl.ctx),
                       SSL_CTX_get_verify_callback(sscf->ssl.ctx));

        SSL_set_verify_depth(ssl_conn, SSL_CTX_get_verify_depth(sscf->ssl.ctx));

#if OPENSSL_VERSION_NUMBER >= 0x009080dfL
        /* only in 0.9.8m+: drop options the selected context does not have */
        SSL_clear_options(ssl_conn, SSL_get_options(ssl_conn) &
                                    ~SSL_CTX_get_options(sscf->ssl.ctx));
#endif

        SSL_set_options(ssl_conn, SSL_CTX_get_options(sscf->ssl.ctx));

#ifdef SSL_OP_NO_RENEGOTIATION
        SSL_set_options(ssl_conn, SSL_OP_NO_RENEGOTIATION);
#endif
    }

done:

    /* checked against whichever server configuration is now in effect */

    sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module);

    if (sscf->reject_handshake) {
        c->ssl->handshake_rejected = 1;
        *ad = SSL_AD_UNRECOGNIZED_NAME;
        return SSL_TLSEXT_ERR_ALERT_FATAL;
    }

    return SSL_TLSEXT_ERR_OK;

error:

    *ad = SSL_AD_INTERNAL_ERROR;
    return SSL_TLSEXT_ERR_ALERT_FATAL;
}
| |
| #endif |
| |
| |
| #ifdef SSL_R_CERT_CB_ERROR |
| |
/*
 * Certificate callback: load certificates whose paths are complex values.
 *
 * A temporary request is allocated only so the certificate and key complex
 * values can be evaluated; each resulting pair is installed on the
 * connection.  The temporary request is freed on every path.
 *
 * "arg" is the ngx_http_ssl_srv_conf_t holding the complex values.
 * Returns 1 on success and 0 on failure or when called after the handshake.
 *
 * NOTE(review): the key array is indexed with the certificate count, so both
 * arrays are assumed to have the same number of elements -- confirm where
 * the configuration is built.
 */
int
ngx_http_ssl_certificate(ngx_ssl_conn_t *ssl_conn, void *arg)
{
    int                        loaded;
    ngx_str_t                  cert, key;
    ngx_uint_t                 n, total;
    ngx_connection_t          *c;
    ngx_http_request_t        *r;
    ngx_http_ssl_srv_conf_t   *sscf;
    ngx_http_complex_value_t  *cert_cv, *key_cv;

    c = ngx_ssl_get_connection(ssl_conn);

    if (c->ssl->handshaked) {
        return 0;
    }

    r = ngx_http_alloc_request(c);
    if (r == NULL) {
        return 0;
    }

    /* mark the scratch request as logged before it is freed below */
    r->logged = 1;

    sscf = arg;

    total = sscf->certificate_values->nelts;
    cert_cv = sscf->certificate_values->elts;
    key_cv = sscf->certificate_key_values->elts;

    loaded = 0;

    for (n = 0; n < total; n++) {

        if (ngx_http_complex_value(r, &cert_cv[n], &cert) != NGX_OK) {
            goto cleanup;
        }

        ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0,
                       "ssl cert: \"%s\"", cert.data);

        if (ngx_http_complex_value(r, &key_cv[n], &key) != NGX_OK) {
            goto cleanup;
        }

        /*
         * NOTE(review): the evaluated key value goes to the debug log.  When
         * a deployment passes key material inline (nginx's "data:" form)
         * instead of a file path, that material would end up in the log;
         * keep debug logging off or access-restricted in such setups.
         */

        ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0,
                       "ssl key: \"%s\"", key.data);

        if (ngx_ssl_connection_certificate(c, r->pool, &cert, &key,
                                           sscf->passwords)
            != NGX_OK)
        {
            goto cleanup;
        }
    }

    loaded = 1;

cleanup:

    /*
     * Shared exit: drop the scratch request, then restore the log action
     * and clear c->destroyed, as the connection itself stays in use.
     */

    ngx_http_free_request(r, 0);
    c->log->action = "SSL handshaking";
    c->destroyed = 0;

    return loaded;
}
| |
| #endif |
| |
| #endif |
| |
| |
/*
 * Read-event handler for the request-line phase.
 *
 * Pulls bytes from the client into r->header_in, feeds them to the
 * request-line parser and, once the line is complete, fills in the
 * request-line fields of the request and switches the connection over to
 * header processing.  Every terminal path leaves the loop with "break" so
 * that posted requests are always run before returning.
 */
static void
ngx_http_process_request_line(ngx_event_t *rev)
{
    ssize_t              nread;
    ngx_int_t            rc, grow;
    ngx_str_t            host;
    ngx_connection_t    *c;
    ngx_http_request_t  *r;

    c = rev->data;
    r = c->data;

    ngx_log_debug0(NGX_LOG_DEBUG_HTTP, rev->log, 0,
                   "http process request line");

    if (rev->timedout) {
        ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
        c->timedout = 1;
        ngx_http_close_request(r, NGX_HTTP_REQUEST_TIME_OUT);
        return;
    }

    /* starting with NGX_AGAIN forces a read before the first parser run */
    rc = NGX_AGAIN;

    for ( ;; ) {

        if (rc == NGX_AGAIN) {
            nread = ngx_http_read_request_header(r);

            if (nread == NGX_ERROR || nread == NGX_AGAIN) {
                break;
            }
        }

        rc = ngx_http_parse_request_line(r, r->header_in);

        if (rc == NGX_AGAIN) {

            /* the request line is still incomplete */

            if (r->header_in->pos != r->header_in->end) {
                continue;
            }

            /* the current buffer is full: try to move to a larger one */

            grow = ngx_http_alloc_large_header_buffer(r, 1);

            if (grow == NGX_ERROR) {
                ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
                break;
            }

            if (grow == NGX_DECLINED) {
                /* record what was received so far before rejecting */
                r->request_line.data = r->request_start;
                r->request_line.len = r->header_in->end - r->request_start;

                ngx_log_error(NGX_LOG_INFO, c->log, 0,
                              "client sent too long URI");
                ngx_http_finalize_request(r, NGX_HTTP_REQUEST_URI_TOO_LARGE);
                break;
            }

            continue;
        }

        if (rc != NGX_OK) {

            /* the parser rejected the request line */

            ngx_log_error(NGX_LOG_INFO, c->log, 0,
                          ngx_http_client_errors[rc - NGX_HTTP_CLIENT_ERROR]);

            if (rc == NGX_HTTP_PARSE_INVALID_VERSION) {
                ngx_http_finalize_request(r, NGX_HTTP_VERSION_NOT_SUPPORTED);

            } else {
                ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
            }

            break;
        }

        /* rc == NGX_OK: the request line has been parsed completely */

        r->request_line.data = r->request_start;
        r->request_line.len = r->request_end - r->request_start;
        r->request_length = r->header_in->pos - r->request_start;

        ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0,
                       "http request line: \"%V\"", &r->request_line);

        r->method_name.data = r->request_line.data;
        r->method_name.len = r->method_end - r->request_start + 1;

        if (r->http_protocol.data) {
            r->http_protocol.len = r->request_end - r->http_protocol.data;
        }

        if (ngx_http_process_request_uri(r) != NGX_OK) {
            break;
        }

        if (r->schema_end) {
            r->schema.data = r->schema_start;
            r->schema.len = r->schema_end - r->schema_start;
        }

        if (r->host_end) {

            /*
             * the request line carried a host part; it is validated
             * before being used to select the virtual server
             */

            host.data = r->host_start;
            host.len = r->host_end - r->host_start;

            rc = ngx_http_validate_host(&host, r->pool, 0);

            if (rc == NGX_DECLINED) {
                ngx_log_error(NGX_LOG_INFO, c->log, 0,
                              "client sent invalid host in request line");
                ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
                break;
            }

            if (rc == NGX_ERROR) {
                ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
                break;
            }

            if (ngx_http_set_virtual_server(r, &host) == NGX_ERROR) {
                break;
            }

            r->headers_in.server = host;
        }

        if (r->http_version < NGX_HTTP_VERSION_10) {

            /* no header section follows: process the request right away */

            if (r->headers_in.server.len == 0
                && ngx_http_set_virtual_server(r, &r->headers_in.server)
                   == NGX_ERROR)
            {
                break;
            }

            ngx_http_process_request(r);
            break;
        }

        if (ngx_list_init(&r->headers_in.headers, r->pool, 20,
                          sizeof(ngx_table_elt_t))
            != NGX_OK)
        {
            ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
            break;
        }

        c->log->action = "reading client request headers";

        /* later read events go straight to the header handler */
        rev->handler = ngx_http_process_request_headers;
        ngx_http_process_request_headers(rev);

        break;
    }

    ngx_http_run_posted_requests(c);
}
| |
| |
/*
 * Derive r->uri, r->unparsed_uri, r->exten and r->args from the pointers
 * the request-line parser left in the request.
 *
 * A URI flagged as complex, quoted or having an empty path is copied into
 * a pool buffer and passed through ngx_http_parse_complex_uri(); otherwise
 * r->uri points directly into the header buffer.
 *
 * Returns NGX_OK on success.  On failure the request has already been
 * closed or finalized and NGX_ERROR is returned.
 */
ngx_int_t
ngx_http_process_request_uri(ngx_http_request_t *r)
{
    u_char                    *path_end;
    ngx_http_core_srv_conf_t  *cscf;

    /* the path stops just before the '?' when arguments are present */
    path_end = r->args_start ? r->args_start - 1 : r->uri_end;

    r->uri.len = path_end - r->uri_start;

    if (!(r->complex_uri || r->quoted_uri || r->empty_path_in_uri)) {
        r->uri.data = r->uri_start;

    } else {

        if (r->empty_path_in_uri) {
            r->uri.len++;
        }

        r->uri.data = ngx_pnalloc(r->pool, r->uri.len);
        if (r->uri.data == NULL) {
            ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
            return NGX_ERROR;
        }

        cscf = ngx_http_get_module_srv_conf(r, ngx_http_core_module);

        if (ngx_http_parse_complex_uri(r, cscf->merge_slashes) != NGX_OK) {
            r->uri.len = 0;

            ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
                          "client sent invalid request");
            ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
            return NGX_ERROR;
        }
    }

    /* the unparsed URI is always the raw text from the request line */
    r->unparsed_uri.data = r->uri_start;
    r->unparsed_uri.len = r->uri_end - r->uri_start;

    if (r->empty_path_in_uri) {
        r->valid_unparsed_uri = 0;

    } else {
        r->valid_unparsed_uri = 1;
    }

    if (r->uri_ext) {
        r->exten.data = r->uri_ext;
        r->exten.len = path_end - r->uri_ext;
    }

    if (r->args_start && r->uri_end > r->args_start) {
        r->args.data = r->args_start;
        r->args.len = r->uri_end - r->args_start;
    }

#if (NGX_WIN32)
    {
    u_char  *p, *last;

    last = r->uri.data + r->uri.len;

    for (p = r->uri.data; p < last; /* void */ ) {

        if (*p++ != ':') {
            continue;
        }

        /*
         * a ':' directly followed by '$' is rejected; this covers
         * "::$data", "::$index_allocation" and ":$i30:$index_allocation"
         */

        if (p < last && *p == '$') {
            ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
                          "client sent unsafe win32 URI");
            ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
            return NGX_ERROR;
        }
    }

    /* drop trailing spaces and dots from the URI */

    p = last - 1;

    while (p > r->uri.data && (*p == ' ' || *p == '.')) {
        p--;
    }

    if (p != last - 1) {
        r->uri.len = p + 1 - r->uri.data;
        ngx_http_set_exten(r);
    }

    }
#endif

    ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
                   "http uri: \"%V\"", &r->uri);

    ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
                   "http args: \"%V\"", &r->args);

    ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
                   "http exten: \"%V\"", &r->exten);

    return NGX_OK;
}
| |
| |
/*
 * Read-event handler for the header phase.
 *
 * Reads header bytes from the client, parses them one line at a time,
 * appends each accepted line to r->headers_in.headers and calls the
 * handler registered for that header name, if any.  When the end of the
 * header section is reached the request is checked by
 * ngx_http_process_request_header() and then processed.
 */
static void
ngx_http_process_request_headers(ngx_event_t *rev)
{
    u_char                     *line;
    size_t                      shown;
    ssize_t                     nread;
    ngx_int_t                   rc, grow;
    ngx_table_elt_t            *h;
    ngx_connection_t           *c;
    ngx_http_header_t          *hh;
    ngx_http_request_t         *r;
    ngx_http_core_srv_conf_t   *cscf;
    ngx_http_core_main_conf_t  *cmcf;

    c = rev->data;
    r = c->data;

    ngx_log_debug0(NGX_LOG_DEBUG_HTTP, rev->log, 0,
                   "http process request header line");

    if (rev->timedout) {
        ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT, "client timed out");
        c->timedout = 1;
        ngx_http_close_request(r, NGX_HTTP_REQUEST_TIME_OUT);
        return;
    }

    cmcf = ngx_http_get_module_main_conf(r, ngx_http_core_module);

    /* NGX_AGAIN means "the parser needs more input" */
    rc = NGX_AGAIN;

    for ( ;; ) {

        if (rc == NGX_AGAIN) {

            if (r->header_in->pos == r->header_in->end) {

                /* the buffer is full: ask for a large header buffer */

                grow = ngx_http_alloc_large_header_buffer(r, 0);

                if (grow == NGX_ERROR) {
                    ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
                    break;
                }

                if (grow == NGX_DECLINED) {

                    /* the configured header buffer limits are exhausted */

                    line = r->header_name_start;

                    r->lingering_close = 1;

                    if (line == NULL) {
                        ngx_log_error(NGX_LOG_INFO, c->log, 0,
                                      "client sent too large request");

                    } else {
                        /* cap the amount of client data put in the log */
                        shown = r->header_in->end - line;

                        if (shown > NGX_MAX_ERROR_STR - 300) {
                            shown = NGX_MAX_ERROR_STR - 300;
                        }

                        ngx_log_error(NGX_LOG_INFO, c->log, 0,
                                "client sent too long header line: \"%*s...\"",
                                shown, r->header_name_start);
                    }

                    ngx_http_finalize_request(r,
                                            NGX_HTTP_REQUEST_HEADER_TOO_LARGE);
                    break;
                }
            }

            nread = ngx_http_read_request_header(r);

            if (nread == NGX_ERROR || nread == NGX_AGAIN) {
                break;
            }
        }

        /*
         * re-read the server configuration on every pass: the host header
         * could change the server configuration context
         */
        cscf = ngx_http_get_module_srv_conf(r, ngx_http_core_module);

        rc = ngx_http_parse_header_line(r, r->header_in,
                                        cscf->underscores_in_headers);

        if (rc == NGX_AGAIN) {

            /* the header line is not complete yet */

            continue;
        }

        if (rc == NGX_OK) {

            r->request_length += r->header_in->pos - r->header_name_start;

            if (r->invalid_header && cscf->ignore_invalid_headers) {

                /* the line is malformed: log it and skip it */

                ngx_log_error(NGX_LOG_INFO, c->log, 0,
                              "client sent invalid header line: \"%*s\"",
                              r->header_end - r->header_name_start,
                              r->header_name_start);
                continue;
            }

            /* a well-formed header line: store it in the headers list */

            h = ngx_list_push(&r->headers_in.headers);
            if (h == NULL) {
                ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
                break;
            }

            h->hash = r->header_hash;

            /*
             * key and value point into the header buffer and are
             * null-terminated in place
             */

            h->key.data = r->header_name_start;
            h->key.len = r->header_name_end - r->header_name_start;
            h->key.data[h->key.len] = '\0';

            h->value.data = r->header_start;
            h->value.len = r->header_end - r->header_start;
            h->value.data[h->value.len] = '\0';

            h->lowcase_key = ngx_pnalloc(r->pool, h->key.len);
            if (h->lowcase_key == NULL) {
                ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
                break;
            }

            if (h->key.len != r->lowcase_index) {
                ngx_strlow(h->lowcase_key, h->key.data, h->key.len);

            } else {
                /* the parser already holds the complete lowercase name */
                ngx_memcpy(h->lowcase_key, r->lowcase_header, h->key.len);
            }

            hh = ngx_hash_find(&cmcf->headers_in_hash, h->hash,
                               h->lowcase_key, h->key.len);

            /* a failing handler ends header processing */
            if (hh && hh->handler(r, h, hh->offset) != NGX_OK) {
                break;
            }

            ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
                           "http header: \"%V: %V\"",
                           &h->key, &h->value);

            continue;
        }

        if (rc == NGX_HTTP_PARSE_HEADER_DONE) {

            /* the whole header section has been parsed */

            ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
                           "http header done");

            r->request_length += r->header_in->pos - r->header_name_start;

            r->http_state = NGX_HTTP_PROCESS_REQUEST_STATE;

            rc = ngx_http_process_request_header(r);

            if (rc == NGX_OK) {
                ngx_http_process_request(r);
            }

            break;
        }

        /* rc == NGX_HTTP_PARSE_INVALID_HEADER */

        ngx_log_error(NGX_LOG_INFO, c->log, 0,
                      "client sent invalid header line: \"%*s\\x%02xd...\"",
                      r->header_end - r->header_name_start,
                      r->header_name_start, *r->header_end);

        ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
        break;
    }

    ngx_http_run_posted_requests(c);
}
| |
| |
/*
 * Make request header bytes available in r->header_in.
 *
 * Returns the number of unparsed bytes already buffered, or the number of
 * bytes just received.  Returns NGX_AGAIN when no data is available yet
 * (the header timeout timer and the read event are armed), and NGX_ERROR
 * when the connection failed or was closed by the client; in the NGX_ERROR
 * case the request has already been closed or finalized.
 */
static ssize_t
ngx_http_read_request_header(ngx_http_request_t *r)
{
    ssize_t                    n;
    ngx_event_t               *rev;
    ngx_connection_t          *c;
    ngx_http_core_srv_conf_t  *cscf;

    c = r->connection;
    rev = c->read;

    /* data left over in the buffer is handed out before reading more */
    n = r->header_in->last - r->header_in->pos;

    if (n > 0) {
        return n;
    }

    n = rev->ready ? c->recv(c, r->header_in->last,
                             r->header_in->end - r->header_in->last)
                   : NGX_AGAIN;

    if (n == NGX_AGAIN) {

        if (!rev->timer_set) {
            cscf = ngx_http_get_module_srv_conf(r, ngx_http_core_module);
            ngx_add_timer(rev, cscf->client_header_timeout);
        }

        if (ngx_handle_read_event(rev, 0) != NGX_OK) {
            ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
            return NGX_ERROR;
        }

        return NGX_AGAIN;
    }

    if (n == 0) {
        ngx_log_error(NGX_LOG_INFO, c->log, 0,
                      "client prematurely closed connection");
    }

    if (n == NGX_ERROR || n == 0) {
        c->error = 1;
        c->log->action = "reading client request headers";

        ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
        return NGX_ERROR;
    }

    r->header_in->last += n;

    return n;
}
| |
| |
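/*
 * Switch the request to a large header buffer when the current one is full.
 *
 * request_line is non-zero while the request line is being read and zero
 * while header lines are being read.  A partially received line is copied
 * to the start of the new buffer and the parser pointers that refer to it
 * are rebased.
 *
 * Returns NGX_OK when reading can continue, NGX_DECLINED when the
 * large_client_header_buffers size or count limit does not allow another
 * buffer, and NGX_ERROR on allocation failure or when the partial line does
 * not fit into the new buffer.
 */
static ngx_int_t
ngx_http_alloc_large_header_buffer(ngx_http_request_t *r,
    ngx_uint_t request_line)
{
    u_char                    *old, *new;
    ngx_buf_t                 *b;
    ngx_chain_t               *cl;
    ngx_http_connection_t     *hc;
    ngx_http_core_srv_conf_t  *cscf;

    ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
                   "http alloc large header buffer");

    if (request_line && r->state == 0) {

        /* the client fills up the buffer with "\r\n" */

        r->header_in->pos = r->header_in->start;
        r->header_in->last = r->header_in->start;

        return NGX_OK;
    }

    /* start of the line that is currently being parsed */
    old = request_line ? r->request_start : r->header_name_start;

    cscf = ngx_http_get_module_srv_conf(r, ngx_http_core_module);

    /* a single line may not exceed the size of one large buffer */
    if (r->state != 0
        && (size_t) (r->header_in->pos - old)
                                     >= cscf->large_client_header_buffers.size)
    {
        return NGX_DECLINED;
    }

    hc = r->http_connection;

    if (hc->free) {
        /* reuse a buffer from the connection's free list */
        cl = hc->free;
        hc->free = cl->next;

        b = cl->buf;

        ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
                       "http large header free: %p %uz",
                       b->pos, b->end - b->last);

    } else if (hc->nbusy < cscf->large_client_header_buffers.num) {

        b = ngx_create_temp_buf(r->connection->pool,
                                cscf->large_client_header_buffers.size);
        if (b == NULL) {
            return NGX_ERROR;
        }

        cl = ngx_alloc_chain_link(r->connection->pool);
        if (cl == NULL) {
            return NGX_ERROR;
        }

        cl->buf = b;

        ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
                       "http large header alloc: %p %uz",
                       b->pos, b->end - b->last);

    } else {
        /* the configured number of large buffers is already in use */
        return NGX_DECLINED;
    }

    cl->next = hc->busy;
    hc->busy = cl;
    hc->nbusy++;

    if (r->state == 0) {
        /*
         * r->state == 0 means that a header line was parsed successfully
         * and we do not need to copy incomplete header line and
         * to relocate the parser header pointers
         */

        r->header_in = b;

        return NGX_OK;
    }

    ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
                   "http large header copy: %uz", r->header_in->pos - old);

    /* never copy more than the new buffer can hold */
    if (r->header_in->pos - old > b->end - b->start) {
        ngx_log_error(NGX_LOG_ALERT, r->connection->log, 0,
                      "too large header to copy");
        return NGX_ERROR;
    }

    new = b->start;

    ngx_memcpy(new, old, r->header_in->pos - old);

    b->pos = new + (r->header_in->pos - old);
    b->last = new + (r->header_in->pos - old);

    /*
     * Rebase the parser pointers onto the new buffer.  Each pointer is
     * touched only when it is set: rebasing a NULL pointer is undefined
     * pointer arithmetic and would turn "not parsed yet" into a stray
     * non-NULL value.
     */

    if (request_line) {
        r->request_start = new;

        if (r->request_end) {
            r->request_end = new + (r->request_end - old);
        }

        if (r->method_end) {
            r->method_end = new + (r->method_end - old);
        }

        if (r->uri_start) {
            r->uri_start = new + (r->uri_start - old);
        }

        if (r->uri_end) {
            r->uri_end = new + (r->uri_end - old);
        }

        if (r->schema_start) {
            r->schema_start = new + (r->schema_start - old);

            if (r->schema_end) {
                r->schema_end = new + (r->schema_end - old);
            }
        }

        if (r->host_start) {
            r->host_start = new + (r->host_start - old);

            if (r->host_end) {
                r->host_end = new + (r->host_end - old);
            }
        }

        if (r->port_start) {
            r->port_start = new + (r->port_start - old);

            if (r->port_end) {
                r->port_end = new + (r->port_end - old);
            }
        }

        if (r->uri_ext) {
            r->uri_ext = new + (r->uri_ext - old);
        }

        if (r->args_start) {
            r->args_start = new + (r->args_start - old);
        }

        if (r->http_protocol.data) {
            r->http_protocol.data = new + (r->http_protocol.data - old);
        }

    } else {
        r->header_name_start = new;

        if (r->header_name_end) {
            r->header_name_end = new + (r->header_name_end - old);
        }

        if (r->header_start) {
            r->header_start = new + (r->header_start - old);
        }

        if (r->header_end) {
            r->header_end = new + (r->header_end - old);
        }
    }

    r->header_in = b;

    return NGX_OK;
}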
| |
| |
/*
 * Generic header handler: remember the first occurrence of a header in
 * the r->headers_in field found at the given byte offset.  Later
 * occurrences leave that field untouched.  Always returns NGX_OK.
 */
static ngx_int_t
ngx_http_process_header_line(ngx_http_request_t *r, ngx_table_elt_t *h,
    ngx_uint_t offset)
{
    ngx_table_elt_t  **slot;

    slot = (ngx_table_elt_t **) ((char *) &r->headers_in + offset);

    if (*slot != NULL) {
        /* an earlier line already filled the slot */
        return NGX_OK;
    }

    *slot = h;

    return NGX_OK;
}
| |
| |
/*
 * Header handler for headers that may appear only once.  The first
 * occurrence is stored in the r->headers_in field at the given byte
 * offset; a second occurrence is logged with both values, the request is
 * finalized with 400 and NGX_ERROR is returned.
 */
static ngx_int_t
ngx_http_process_unique_header_line(ngx_http_request_t *r, ngx_table_elt_t *h,
    ngx_uint_t offset)
{
    ngx_table_elt_t  **slot;

    slot = (ngx_table_elt_t **) ((char *) &r->headers_in + offset);

    if (*slot != NULL) {
        ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
                      "client sent duplicate header line: \"%V: %V\", "
                      "previous value: \"%V: %V\"",
                      &h->key, &h->value, &(*slot)->key, &(*slot)->value);

        ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);

        return NGX_ERROR;
    }

    *slot = h;

    return NGX_OK;
}
| |
| |
/*
 * Handler for the "Host" header.
 *
 * A second Host header is rejected with 400.  The value is validated and,
 * unless a server name was already taken from the request line, used to
 * select the virtual server.  Returns NGX_OK, or NGX_ERROR after the
 * request has been closed or finalized.
 */
static ngx_int_t
ngx_http_process_host(ngx_http_request_t *r, ngx_table_elt_t *h,
    ngx_uint_t offset)
{
    ngx_int_t  rc;
    ngx_str_t  name;

    if (r->headers_in.host) {
        ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
                      "client sent duplicate host header: \"%V: %V\", "
                      "previous value: \"%V: %V\"",
                      &h->key, &h->value, &r->headers_in.host->key,
                      &r->headers_in.host->value);
        ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
        return NGX_ERROR;
    }

    r->headers_in.host = h;

    /* validate a copy of the value descriptor, not the header itself */
    name = h->value;

    rc = ngx_http_validate_host(&name, r->pool, 0);

    if (rc == NGX_DECLINED) {
        ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
                      "client sent invalid host header");
        ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
        return NGX_ERROR;

    } else if (rc == NGX_ERROR) {
        ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
        return NGX_ERROR;
    }

    if (r->headers_in.server.len != 0) {
        /* a server name is already set and takes precedence */
        return NGX_OK;
    }

    if (ngx_http_set_virtual_server(r, &name) == NGX_ERROR) {
        return NGX_ERROR;
    }

    r->headers_in.server = name;

    return NGX_OK;
}
| |
| |
/*
 * Handler for the "Connection" header.  Stores the first occurrence,
 * rejects the header on HTTP/2 requests with 400, and sets
 * r->headers_in.connection_type when the value contains "close" or
 * "keep-alive" (case-insensitive substring match; "close" is tested first).
 */
static ngx_int_t
ngx_http_process_connection(ngx_http_request_t *r, ngx_table_elt_t *h,
    ngx_uint_t offset)
{
    u_char  *value;

    if (r->headers_in.connection == NULL) {
        r->headers_in.connection = h;
    }

#if (NGX_HTTP_V2)

    if (r->stream) {
        ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
                      "client sent HTTP/2 request with \"Connection\" header");

        ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
        return NGX_ERROR;
    }

#endif

    value = h->value.data;

    if (ngx_strcasestrn(value, "close", 5 - 1)) {
        r->headers_in.connection_type = NGX_HTTP_CONNECTION_CLOSE;
        return NGX_OK;
    }

    if (ngx_strcasestrn(value, "keep-alive", 10 - 1)) {
        r->headers_in.connection_type = NGX_HTTP_CONNECTION_KEEP_ALIVE;
    }

    return NGX_OK;
}
| |
| |
/*
 * Handler for the "User-Agent" header.  Stores the first occurrence and
 * sets the browser flags in r->headers_in (msie, msie6, opera, gecko,
 * chrome, safari, konqueror) from substrings of the value.  Always returns
 * NGX_OK.
 */
static ngx_int_t
ngx_http_process_user_agent(ngx_http_request_t *r, ngx_table_elt_t *h,
    ngx_uint_t offset)
{
    u_char  *ua, *msie;

    if (r->headers_in.user_agent) {
        /* only the first User-Agent header is examined */
        return NGX_OK;
    }

    r->headers_in.user_agent = h;

    /* check some widespread browsers while the header is in CPU cache */

    ua = h->value.data;

    msie = ngx_strstrn(ua, "MSIE ", 5 - 1);

    /* the length check keeps msie[5] and msie[6] inside the value */
    if (msie && msie + 7 < ua + h->value.len) {

        r->headers_in.msie = 1;

        if (msie[6] == '.') {

            if (msie[5] == '4' || msie[5] == '5') {
                r->headers_in.msie6 = 1;

            } else if (msie[5] == '6'
                       && ngx_strstrn(msie + 8, "SV1", 3 - 1) == NULL)
            {
                r->headers_in.msie6 = 1;
            }
        }

#if 0
        /* MSIE ignores the SSL "close notify" alert */
        if (c->ssl) {
            c->ssl->no_send_shutdown = 1;
        }
#endif
    }

    /* "Opera" anywhere in the value overrides the MSIE flags */
    if (ngx_strstrn(ua, "Opera", 5 - 1)) {
        r->headers_in.opera = 1;
        r->headers_in.msie = 0;
        r->headers_in.msie6 = 0;
    }

    if (r->headers_in.msie || r->headers_in.opera) {
        return NGX_OK;
    }

    if (ngx_strstrn(ua, "Gecko/", 6 - 1)) {
        r->headers_in.gecko = 1;

    } else if (ngx_strstrn(ua, "Chrome/", 7 - 1)) {
        r->headers_in.chrome = 1;

    } else if (ngx_strstrn(ua, "Safari/", 7 - 1)
               && ngx_strstrn(ua, "Mac OS X", 8 - 1))
    {
        r->headers_in.safari = 1;

    } else if (ngx_strstrn(ua, "Konqueror", 9 - 1)) {
        r->headers_in.konqueror = 1;
    }

    return NGX_OK;
}
| |
| |
/*
 * Header handler for headers that may occur several times: each
 * occurrence is appended to the ngx_array_t found at the given byte offset
 * in r->headers_in.  The array is created on first use.  Returns NGX_OK,
 * or NGX_ERROR after closing the request when an allocation fails.
 */
static ngx_int_t
ngx_http_process_multi_header_lines(ngx_http_request_t *r, ngx_table_elt_t *h,
    ngx_uint_t offset)
{
    ngx_array_t       *list;
    ngx_table_elt_t  **slot;

    list = (ngx_array_t *) ((char *) &r->headers_in + offset);

    /* lazily initialise the array the first time this header is seen */
    if (list->elts == NULL
        && ngx_array_init(list, r->pool, 1, sizeof(ngx_table_elt_t *))
           != NGX_OK)
    {
        ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
        return NGX_ERROR;
    }

    slot = ngx_array_push(list);
    if (slot == NULL) {
        ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
        return NGX_ERROR;
    }

    *slot = h;

    return NGX_OK;
}
| |
| |
/*
 * Checks applied once the whole header section has been read.
 *
 * Selects the default virtual server if none was chosen, then rejects:
 * a request newer than HTTP/1.0 without Host, an unparsable
 * Content-Length, Transfer-Encoding on a pre-1.1 request, chunked
 * Transfer-Encoding combined with Content-Length, any Transfer-Encoding
 * other than exactly "chunked", and the CONNECT and TRACE methods.
 *
 * Returns NGX_OK, or NGX_ERROR after the request has been finalized.
 */
ngx_int_t
ngx_http_process_request_header(ngx_http_request_t *r)
{
    ngx_table_elt_t  *cl, *te;

    if (r->headers_in.server.len == 0
        && ngx_http_set_virtual_server(r, &r->headers_in.server)
           == NGX_ERROR)
    {
        return NGX_ERROR;
    }

    if (r->http_version > NGX_HTTP_VERSION_10 && r->headers_in.host == NULL) {
        ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
                   "client sent HTTP/1.1 request without \"Host\" header");
        ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
        return NGX_ERROR;
    }

    cl = r->headers_in.content_length;

    if (cl) {
        r->headers_in.content_length_n = ngx_atoof(cl->value.data,
                                                   cl->value.len);

        if (r->headers_in.content_length_n == NGX_ERROR) {
            ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
                          "client sent invalid \"Content-Length\" header");
            ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
            return NGX_ERROR;
        }
    }

    te = r->headers_in.transfer_encoding;

    if (te) {

        if (r->http_version < NGX_HTTP_VERSION_11) {
            ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
                          "client sent HTTP/1.0 request with "
                          "\"Transfer-Encoding\" header");
            ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
            return NGX_ERROR;
        }

        /* only the exact value "chunked" (any letter case) is accepted */

        if (te->value.len != 7
            || ngx_strncasecmp(te->value.data, (u_char *) "chunked", 7) != 0)
        {
            ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
                          "client sent unknown \"Transfer-Encoding\": \"%V\"",
                          &r->headers_in.transfer_encoding->value);
            ngx_http_finalize_request(r, NGX_HTTP_NOT_IMPLEMENTED);
            return NGX_ERROR;
        }

        /*
         * Content-Length and chunked encoding describe the body length in
         * two conflicting ways, so a request carrying both is refused
         */

        if (r->headers_in.content_length) {
            ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
                          "client sent \"Content-Length\" and "
                          "\"Transfer-Encoding\" headers "
                          "at the same time");
            ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST);
            return NGX_ERROR;
        }

        r->headers_in.chunked = 1;
    }

    if (r->headers_in.connection_type == NGX_HTTP_CONNECTION_KEEP_ALIVE
        && r->headers_in.keep_alive)
    {
        r->headers_in.keep_alive_n =
                            ngx_atotm(r->headers_in.keep_alive->value.data,
                                      r->headers_in.keep_alive->value.len);
    }

    if (r->method == NGX_HTTP_CONNECT) {
        ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
                      "client sent CONNECT method");
        ngx_http_finalize_request(r, NGX_HTTP_NOT_ALLOWED);
        return NGX_ERROR;
    }

    if (r->method == NGX_HTTP_TRACE) {
        ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
                      "client sent TRACE method");
        ngx_http_finalize_request(r, NGX_HTTP_NOT_ALLOWED);
        return NGX_ERROR;
    }

    return NGX_OK;
}
| |
| |
/*
 * Start processing a request whose request line and headers are complete.
 *
 * On SSL-enabled listeners the client certificate checks are applied
 * first; a failure finalizes the request and drops the cached SSL session.
 * Afterwards the header read timer is removed, the connection events are
 * pointed at ngx_http_request_handler() and the request is passed to
 * ngx_http_handler().
 */
void
ngx_http_process_request(ngx_http_request_t *r)
{
    ngx_connection_t  *c;

    c = r->connection;

#if (NGX_HTTP_SSL)

    if (r->http_connection->ssl) {
        long                      verify_rc;
        X509                     *cert;
        const char               *ocsp_err;
        ngx_http_ssl_srv_conf_t  *sscf;

        if (c->ssl == NULL) {
            /* no SSL layer on a connection that is expected to use SSL */
            ngx_log_error(NGX_LOG_INFO, c->log, 0,
                          "client sent plain HTTP request to HTTPS port");
            ngx_http_finalize_request(r, NGX_HTTP_TO_HTTPS);
            return;
        }

        sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module);

        if (sscf->verify) {
            verify_rc = SSL_get_verify_result(c->ssl->connection);

            /*
             * a verification error is tolerated only in verify mode 3 and
             * only for errors ngx_ssl_verify_error_optional() accepts
             * NOTE(review): mode 3 presumably maps to
             * "ssl_verify_client optional_no_ca" - confirm in the ssl module
             */

            if (verify_rc != X509_V_OK
                && !(sscf->verify == 3
                     && ngx_ssl_verify_error_optional(verify_rc)))
            {
                ngx_log_error(NGX_LOG_INFO, c->log, 0,
                              "client SSL certificate verify error: (%l:%s)",
                              verify_rc,
                              X509_verify_cert_error_string(verify_rc));

                ngx_ssl_remove_cached_session(c->ssl->session_ctx,
                                       (SSL_get0_session(c->ssl->connection)));

                ngx_http_finalize_request(r, NGX_HTTPS_CERT_ERROR);
                return;
            }

            if (sscf->verify == 1) {

                /* in this mode a client certificate must be present */

                cert = SSL_get_peer_certificate(c->ssl->connection);

                if (cert == NULL) {
                    ngx_log_error(NGX_LOG_INFO, c->log, 0,
                                  "client sent no required SSL certificate");

                    ngx_ssl_remove_cached_session(c->ssl->session_ctx,
                                       (SSL_get0_session(c->ssl->connection)));

                    ngx_http_finalize_request(r, NGX_HTTPS_NO_CERT);
                    return;
                }

                /* only presence was needed: release the reference */
                X509_free(cert);
            }

            if (ngx_ssl_ocsp_get_status(c, &ocsp_err) != NGX_OK) {
                ngx_log_error(NGX_LOG_INFO, c->log, 0,
                              "client SSL certificate verify error: %s",
                              ocsp_err);

                ngx_ssl_remove_cached_session(c->ssl->session_ctx,
                                       (SSL_get0_session(c->ssl->connection)));

                ngx_http_finalize_request(r, NGX_HTTPS_CERT_ERROR);
                return;
            }
        }
    }

#endif

    /* the header timeout no longer applies */
    if (c->read->timer_set) {
        ngx_del_timer(c->read);
    }

#if (NGX_STAT_STUB)
    (void) ngx_atomic_fetch_add(ngx_stat_reading, -1);
    r->stat_reading = 0;
    (void) ngx_atomic_fetch_add(ngx_stat_writing, 1);
    r->stat_writing = 1;
#endif

    c->write->handler = ngx_http_request_handler;
    c->read->handler = ngx_http_request_handler;
    r->read_event_handler = ngx_http_block_reading;

    ngx_http_handler(r);
}
| |
| |
/*
 * Validate a host name and trim it to the host part.
 *
 * Rejects (NGX_DECLINED) two consecutive dots, path separators, bytes at
 * or below 0x20, the byte 0x7f, and a host part that ends up empty.  The
 * host part ends at the first ':' or, for a value starting with '[', at
 * the matching ']'; one trailing dot is dropped.  The text after the host
 * part goes through the same per-character checks but is not otherwise
 * interpreted here.
 *
 * When "alloc" is non-zero or an uppercase ASCII letter is present, a
 * lowercased copy is allocated from "pool" and host->data is pointed at
 * it; otherwise host->data keeps pointing at the caller's buffer.
 *
 * Returns NGX_OK with host->len set to the host part length, NGX_DECLINED
 * for an invalid host, or NGX_ERROR when the allocation fails.
 */
static ngx_int_t
ngx_http_validate_host(ngx_str_t *host, ngx_pool_t *pool, ngx_uint_t alloc)
{
    u_char  *src, ch;
    size_t   i, last_dot, name_len;

    enum {
        sw_usual = 0,
        sw_literal,
        sw_rest
    } state;

    src = host->data;

    /* host->len can never equal "i - 1" inside the loop: no dot seen yet */
    last_dot = host->len;
    name_len = host->len;

    state = sw_usual;

    for (i = 0; i < host->len; i++) {
        ch = src[i];

        switch (ch) {

        case '.':
            /* a dot directly after another dot is not allowed */
            if (last_dot == i - 1) {
                return NGX_DECLINED;
            }

            last_dot = i;
            break;

        case ':':
            /* outside a bracketed literal the first ':' ends the host */
            if (state == sw_usual) {
                name_len = i;
                state = sw_rest;
            }

            break;

        case '[':
            if (i == 0) {
                state = sw_literal;
            }

            break;

        case ']':
            /* the closing bracket belongs to the host part */
            if (state == sw_literal) {
                name_len = i + 1;
                state = sw_rest;
            }

            break;

        default:

            if (ngx_path_separator(ch) || ch <= 0x20 || ch == 0x7f) {
                return NGX_DECLINED;
            }

            if (ch >= 'A' && ch <= 'Z') {
                /* uppercase input forces a lowercased copy */
                alloc = 1;
            }

            break;
        }
    }

    /* drop a single trailing dot from the host part */
    if (last_dot == name_len - 1) {
        name_len--;
    }

    if (name_len == 0) {
        return NGX_DECLINED;
    }

    if (alloc) {
        host->data = ngx_pnalloc(pool, name_len);
        if (host->data == NULL) {
            return NGX_ERROR;
        }

        ngx_strlow(host->data, src, name_len);
    }

    host->len = name_len;

    return NGX_OK;
}
| |
| |
/*
 * Select the server configuration for the request from the given host.
 *
 * When a server name was negotiated during the SSL handshake and equals
 * "host", the configuration chosen at that point is kept.  When the two
 * differ and the server that "host" resolves to (or the default server)
 * has client certificate verification enabled, the request is finalized
 * with 421 instead of being switched to that server.
 *
 * Returns NGX_OK (also when no matching server was found and the current
 * configuration stays in effect) or NGX_ERROR after the request has been
 * closed or finalized.
 */
static ngx_int_t
ngx_http_set_virtual_server(ngx_http_request_t *r, ngx_str_t *host)
{
    ngx_int_t                  rc;
    ngx_http_connection_t     *hc;
    ngx_http_core_loc_conf_t  *clcf;
    ngx_http_core_srv_conf_t  *cscf;

#if (NGX_SUPPRESS_WARN)
    cscf = NULL;
#endif

    hc = r->http_connection;

#if (NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME)

    if (hc->ssl_servername
        && hc->ssl_servername->len == host->len
        && ngx_strncmp(hc->ssl_servername->data, host->data, host->len) == 0)
    {
        /* same name as negotiated in the handshake: nothing to switch */

#if (NGX_PCRE)
        if (hc->ssl_servername_regex
            && ngx_http_regex_exec(r, hc->ssl_servername_regex,
                                   hc->ssl_servername) != NGX_OK)
        {
            ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
            return NGX_ERROR;
        }
#endif

        return NGX_OK;
    }

#endif

    rc = ngx_http_find_virtual_server(r->connection,
                                      hc->addr_conf->virtual_names,
                                      host, r, &cscf);

    if (rc == NGX_ERROR) {
        ngx_http_close_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR);
        return NGX_ERROR;
    }

#if (NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME)

    if (hc->ssl_servername) {
        ngx_http_ssl_srv_conf_t  *sscf;

        /* the requested host differs from the negotiated server name */

        if (rc == NGX_DECLINED) {
            cscf = hc->addr_conf->default_server;
            rc = NGX_OK;
        }

        sscf = ngx_http_get_module_srv_conf(cscf->ctx, ngx_http_ssl_module);

        if (sscf->verify) {
            /*
             * the target server verifies client certificates, and the
             * handshake was done for a different server name
             */
            ngx_log_error(NGX_LOG_INFO, r->connection->log, 0,
                          "client attempted to request the server name "
                          "different from the one that was negotiated");
            ngx_http_finalize_request(r, NGX_HTTP_MISDIRECTED_REQUEST);
            return NGX_ERROR;
        }
    }

#endif

    if (rc == NGX_DECLINED) {
        /* no match: keep the configuration already in effect */
        return NGX_OK;
    }

    r->srv_conf = cscf->ctx->srv_conf;
    r->loc_conf = cscf->ctx->loc_conf;

    clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);

    ngx_set_connection_log(r->connection, clcf->error_log);

    return NGX_OK;
}
| |
| |
/*
 * Look up the server configuration for a host name.
 *
 * The combined hash of names is tried first; with PCRE the regex server
 * names are then tried in order.  When "r" is NULL (no request object is
 * available) the regex is run without captures and the matching regex is
 * remembered in the connection's ssl_servername_regex.
 *
 * Returns NGX_OK with *cscfp set, NGX_DECLINED when nothing matches, or
 * NGX_ERROR when a regex execution fails.
 */
static ngx_int_t
ngx_http_find_virtual_server(ngx_connection_t *c,
    ngx_http_virtual_names_t *virtual_names, ngx_str_t *host,
    ngx_http_request_t *r, ngx_http_core_srv_conf_t **cscfp)
{
    ngx_http_core_srv_conf_t  *found;

    if (virtual_names == NULL) {
        return NGX_DECLINED;
    }

    found = ngx_hash_find_combined(&virtual_names->names,
                                   ngx_hash_key(host->data, host->len),
                                   host->data, host->len);

    if (found != NULL) {
        *cscfp = found;
        return NGX_OK;
    }

#if (NGX_PCRE)

    if (host->len && virtual_names->nregex) {
        ngx_int_t                n;
        ngx_uint_t               i;
        ngx_http_server_name_t  *sn;

        sn = virtual_names->regex;

#if (NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME)

        if (r == NULL) {
            ngx_http_connection_t  *hc;

            for (i = 0; i < virtual_names->nregex; i++) {

                n = ngx_regex_exec(sn[i].regex->regex, host, NULL, 0);

                if (n == NGX_REGEX_NO_MATCHED) {
                    continue;
                }

                if (n < 0) {
                    /* anything else below zero is an execution failure */
                    ngx_log_error(NGX_LOG_ALERT, c->log, 0,
                                  ngx_regex_exec_n " failed: %i "
                                  "on \"%V\" using \"%V\"",
                                  n, host, &sn[i].regex->name);

                    return NGX_ERROR;
                }

                /* remember which regex matched for later re-execution */
                hc = c->data;
                hc->ssl_servername_regex = sn[i].regex;

                *cscfp = sn[i].server;
                return NGX_OK;
            }

            return NGX_DECLINED;
        }

#endif /* NGX_HTTP_SSL && defined SSL_CTRL_SET_TLSEXT_HOSTNAME */

        for (i = 0; i < virtual_names->nregex; i++) {

            n = ngx_http_regex_exec(r, sn[i].regex, host);

            if (n == NGX_DECLINED) {
                continue;
            }

            if (n != NGX_OK) {
                return NGX_ERROR;
            }

            *cscfp = sn[i].server;
            return NGX_OK;
        }
    }

#endif /* NGX_PCRE */

    return NGX_DECLINED;
}
| |
| |
/*
 * Connection event handler used while a request is being processed.
 * Dispatches the event to the request's write or read event handler and
 * then runs the posted requests.  A connection marked for closing has its
 * request terminated instead.
 */
static void
ngx_http_request_handler(ngx_event_t *ev)
{
    ngx_connection_t    *c;
    ngx_http_request_t  *r;

    c = ev->data;
    r = c->data;

    ngx_http_set_log_request(c->log, r);

    ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0,
                   "http run request: \"%V?%V\"", &r->uri, &r->args);

    if (c->close) {
        /* take a reference on the main request before terminating */
        r->main->count++;
        ngx_http_terminate_request(r, 0);
        ngx_http_run_posted_requests(c);
        return;
    }

    /* a delayed event that timed out: clear both flags */
    if (ev->delayed && ev->timedout) {
        ev->timedout = 0;
        ev->delayed = 0;
    }

    if (!ev->write) {
        r->read_event_handler(r);

    } else {
        r->write_event_handler(r);
    }

    ngx_http_run_posted_requests(c);
}
| |
| |
/*
 * Run the requests queued on the main request's posted_requests list, in
 * order, by calling each one's write event handler.  Stops when the list
 * is empty or the connection has been destroyed.
 */
void
ngx_http_run_posted_requests(ngx_connection_t *c)
{
    ngx_http_request_t         *r;
    ngx_http_posted_request_t  *head;

    /* c->destroyed is re-checked after every handler call */
    while (!c->destroyed) {

        r = c->data;
        head = r->main->posted_requests;

        if (head == NULL) {
            return;
        }

        /* unlink the entry before running it */
        r->main->posted_requests = head->next;

        r = head->request;

        ngx_http_set_log_request(c->log, r);

        ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0,
                       "http posted request: \"%V?%V\"", &r->uri, &r->args);

        r->write_event_handler(r);
    }
}
| |
| |
/*
 * Append request "r" to the end of the main request's posted_requests
 * list.  "pr" is the list entry to use; when it is NULL one is allocated
 * from r->pool.  Returns NGX_OK, or NGX_ERROR if that allocation fails.
 */
ngx_int_t
ngx_http_post_request(ngx_http_request_t *r, ngx_http_posted_request_t *pr)
{
    ngx_http_posted_request_t  **tail;

    if (pr == NULL) {
        pr = ngx_palloc(r->pool, sizeof(ngx_http_posted_request_t));
        if (pr == NULL) {
            return NGX_ERROR;
        }
    }

    pr->next = NULL;
    pr->request = r;

    /* walk to the terminating link of the list */
    tail = &r->main->posted_requests;

    while (*tail) {
        tail = &(*tail)->next;
    }

    *tail = pr;

    return NGX_OK;
}
| |
| |
/*
 * Finish processing of request "r" with result code "rc".
 *
 * The checks below run in a fixed order and each one either returns or
 * falls through to the next:
 *   - NGX_DONE: only the connection is finalized;
 *   - NGX_DECLINED: the content handler is dropped and the phase engine
 *     is re-entered;
 *   - a subrequest's post_subrequest handler may replace rc;
 *   - error / timeout / client-closed codes, or c->error, terminate the
 *     request unless a post action takes over;
 *   - special response codes are turned into a response body and the
 *     function re-enters itself with the handler's result;
 *   - a subrequest wakes its parent;
 *   - the main request is marked done and the connection is finalized.
 */
void
ngx_http_finalize_request(ngx_http_request_t *r, ngx_int_t rc)
{
    ngx_connection_t          *c;
    ngx_http_request_t        *parent;
    ngx_http_core_loc_conf_t  *conf;

    c = r->connection;

    ngx_log_debug5(NGX_LOG_DEBUG_HTTP, c->log, 0,
                   "http finalize request: %i, \"%V?%V\" a:%d, c:%d",
                   rc, &r->uri, &r->args, r == c->data, r->main->count);

    if (rc == NGX_DONE) {
        ngx_http_finalize_connection(r);
        return;
    }

    if (r->filter_finalize && rc == NGX_OK) {
        c->error = 1;
    }

    if (rc == NGX_DECLINED) {
        r->content_handler = NULL;
        r->write_event_handler = ngx_http_core_run_phases;
        ngx_http_core_run_phases(r);
        return;
    }

    /* a subrequest's completion callback may rewrite the result code */
    if (r != r->main && r->post_subrequest) {
        rc = r->post_subrequest->handler(r, r->post_subrequest->data, rc);
    }

    if (c->error
        || rc == NGX_ERROR
        || rc == NGX_HTTP_REQUEST_TIME_OUT
        || rc == NGX_HTTP_CLIENT_CLOSED_REQUEST)
    {
        if (ngx_http_post_action(r) != NGX_OK) {
            ngx_http_terminate_request(r, rc);
        }

        return;
    }

    if (rc >= NGX_HTTP_SPECIAL_RESPONSE
        || rc == NGX_HTTP_CREATED
        || rc == NGX_HTTP_NO_CONTENT)
    {
        if (rc == NGX_HTTP_CLOSE) {
            c->timedout = 1;
            ngx_http_terminate_request(r, rc);
            return;
        }

        /* only the main request clears the connection timers */
        if (r == r->main) {
            if (c->read->timer_set) {
                ngx_del_timer(c->read);
            }

            if (c->write->timer_set) {
                ngx_del_timer(c->write);
            }
        }

        c->read->handler = ngx_http_request_handler;
        c->write->handler = ngx_http_request_handler;

        /* re-enter with whatever the special response handler returned */
        rc = ngx_http_special_response_handler(r, rc);
        ngx_http_finalize_request(r, rc);
        return;
    }

    if (r != r->main) {

        /* subrequest with output still pending: keep writing */
        if (r->buffered || r->postponed) {

            if (ngx_http_set_write_handler(r) != NGX_OK) {
                ngx_http_terminate_request(r, 0);
            }

            return;
        }

        parent = r->parent;

        if (r == c->data || r->background) {

            if (r->logged) {
                ngx_log_error(NGX_LOG_ALERT, c->log, 0,
                              "subrequest: \"%V?%V\" logged again",
                              &r->uri, &r->args);

            } else {
                conf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);

                if (conf->log_subrequest) {
                    ngx_http_log_request(r);
                }

                r->logged = 1;
            }

            r->done = 1;

            if (r->background) {
                ngx_http_finalize_connection(r);
                return;
            }

            /* the finished active subrequest gives up its reference */
            r->main->count--;

            if (parent->postponed && parent->postponed->request == r) {
                parent->postponed = parent->postponed->next;
            }

            /* the parent becomes the connection's active request */
            c->data = parent;

        } else {

            ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0,
                           "http finalize non-active request: \"%V?%V\"",
                           &r->uri, &r->args);

            r->write_event_handler = ngx_http_request_finalizer;

            if (r->waited) {
                r->done = 1;
            }
        }

        if (ngx_http_post_request(parent, NULL) != NGX_OK) {
            /*
             * The count is bumped before terminating.
             * NOTE(review): presumably this balances a decrement made
             * on the close path - confirm against
             * ngx_http_close_request().
             */
            r->main->count++;
            ngx_http_terminate_request(r, 0);
            return;
        }

        ngx_log_debug2(NGX_LOG_DEBUG_HTTP, c->log, 0,
                       "http wake parent request: \"%V?%V\"",
                       &parent->uri, &parent->args);

        return;
    }

    /* main request from here on */

    if (r->buffered || c->buffered || r->postponed) {

        if (ngx_http_set_write_handler(r) != NGX_OK) {
            ngx_http_terminate_request(r, 0);
        }

        return;
    }

    if (r != c->data) {
        ngx_log_error(NGX_LOG_ALERT, c->log, 0,
                      "http finalize non-active request: \"%V?%V\"",
                      &r->uri, &r->args);
        return;
    }

    r->done = 1;

    r->read_event_handler = ngx_http_block_reading;
    r->write_event_handler = ngx_http_request_empty_handler;

    if (!r->post_action) {
        r->request_complete = 1;
    }

    if (ngx_http_post_action(r) == NGX_OK) {
        return;
    }

    if (c->read->timer_set) {
        ngx_del_timer(c->read);
    }

    if (c->write->timer_set) {
        c->write->delayed = 0;
        ngx_del_timer(c->write);
    }

    ngx_http_finalize_connection(r);
}
| |
| |
/*
 * Abort the whole request tree that "r" belongs to.
 *
 * A positive rc is recorded as the main request's response status when
 * no status is set yet or nothing has been sent on its connection.
 * All cleanup handlers registered on the main request are run, then the
 * main request is either closed at once or, if it still has a write
 * event handler, closed later through ngx_http_terminate_handler().
 */
static void
ngx_http_terminate_request(ngx_http_request_t *r, ngx_int_t rc)
{
    ngx_http_cleanup_t    *pending;
    ngx_http_request_t    *mr;
    ngx_http_ephemeral_t  *e;

    mr = r->main;

    ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
                   "http terminate request count:%d", mr->count);

    if (rc > 0 && (mr->headers_out.status == 0 || mr->connection->sent == 0)) {
        mr->headers_out.status = rc;
    }

    /*
     * The list is detached from the request before any handler runs.
     * NOTE(review): presumably so that a later close cannot run the
     * same handlers a second time - confirm.
     */
    pending = mr->cleanup;
    mr->cleanup = NULL;

    for ( /* void */ ; pending != NULL; pending = pending->next) {
        if (pending->handler) {
            pending->handler(pending->data);
        }
    }

    ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
                   "http terminate cleanup count:%d blk:%d",
                   mr->count, mr->blocked);

    if (mr->write_event_handler == NULL) {
        ngx_http_close_request(mr, rc);
        return;
    }

    if (mr->blocked) {
        /* flag the connection as failed and leave the close to the finalizer */
        r->connection->error = 1;
        r->write_event_handler = ngx_http_request_finalizer;
        return;
    }

    /*
     * The queue is emptied first and the node embedded in the ephemeral
     * area is posted, so ngx_http_post_request() has nothing to allocate;
     * its return value is therefore ignored.
     */
    e = ngx_http_ephemeral(mr);
    mr->posted_requests = NULL;
    mr->write_event_handler = ngx_http_terminate_handler;
    (void) ngx_http_post_request(mr, &e->terminal_posted_request);
}
| |
| |
/*
 * Write event handler installed by ngx_http_terminate_request(): logs
 * the current reference count, overwrites it with 1 and closes the
 * request.
 * NOTE(review): the count is presumably forced to 1 so that the close
 * below releases the request whatever references were outstanding -
 * confirm against ngx_http_close_request().
 */
static void
ngx_http_terminate_handler(ngx_http_request_t *r)
{
    ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
                   "http terminate handler count:%d", r->count);

    r->count = 1;

    ngx_http_close_request(r, 0);
}
| |
| |
/*
 * Decide what happens to the connection once request "r" is finished:
 * close the request, switch to keepalive, or start a lingering close.
 *
 * With HTTP/2 compiled in, a request that has a stream is simply
 * closed.  While the main request's count is not 1 the request is also
 * just closed, after arming the discarded-body reader when a body is
 * being discarded.
 */
static void
ngx_http_finalize_connection(ngx_http_request_t *r)
{
    ngx_uint_t                 linger;
    ngx_http_request_t        *mr;
    ngx_http_core_loc_conf_t  *clcf;

#if (NGX_HTTP_V2)
    if (r->stream) {
        ngx_http_close_request(r, 0);
        return;
    }
#endif

    /* the location configuration is taken from "r" itself, not r->main */
    clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);

    if (r->main->count != 1) {

        if (r->discard_body) {
            r->read_event_handler = ngx_http_discarded_request_body_handler;
            ngx_add_timer(r->connection->read, clcf->lingering_timeout);

            if (r->lingering_time == 0) {
                /* presumably a milliseconds setting turned into seconds */
                r->lingering_time = ngx_time()
                                      + (time_t) (clcf->lingering_time / 1000);
            }
        }

        ngx_http_close_request(r, 0);
        return;
    }

    mr = r->main;

    if (mr->connection->read->eof) {
        ngx_http_close_request(mr, 0);
        return;
    }

    /* a body that is still being read rules out keepalive */
    if (mr->reading_body) {
        mr->keepalive = 0;
        mr->lingering_close = 1;
    }

    if (!ngx_terminate
         && !ngx_exiting
         && mr->keepalive
         && clcf->keepalive_timeout > 0)
    {
        ngx_http_set_keepalive(mr);
        return;
    }

    if (clcf->lingering_close == NGX_HTTP_LINGERING_ALWAYS) {
        linger = 1;

    } else if (clcf->lingering_close == NGX_HTTP_LINGERING_ON) {
        /*
         * Linger when the request asked for it, when header_in has
         * bytes between pos and last, or when the read event is ready.
         */
        linger = mr->lingering_close
                 || mr->header_in->pos < mr->header_in->last
                 || mr->connection->read->ready;

    } else {
        linger = 0;
    }

    if (linger) {
        ngx_http_set_lingering_close(mr->connection);
        return;
    }

    ngx_http_close_request(mr, 0);
}
| |
| |
/*
 * Put request "r" into the writing state: install ngx_http_writer as
 * the write event handler, choose the read handler according to
 * r->discard_body, arm the send timer and register for write events.
 *
 * Returns NGX_OK on success.  If ngx_handle_write_event() fails the
 * request is closed here and NGX_ERROR is returned.
 */
static ngx_int_t
ngx_http_set_write_handler(ngx_http_request_t *r)
{
    ngx_event_t               *wev;
    ngx_http_core_loc_conf_t  *clcf;

    r->http_state = NGX_HTTP_WRITING_REQUEST_STATE;

    if (r->discard_body) {
        r->read_event_handler = ngx_http_discarded_request_body_handler;

    } else {
        r->read_event_handler = ngx_http_test_reading;
    }

    r->write_event_handler = ngx_http_writer;

    wev = r->connection->write;

    /* ready but delayed: return without touching the timer or the event */
    if (wev->ready && wev->delayed) {
        return NGX_OK;
    }

    clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);

    /* the send timer is armed only when the event is not delayed */
    if (!wev->delayed) {
        ngx_add_timer(wev, clcf->send_timeout);
    }

    if (ngx_handle_write_event(wev, clcf->send_lowat) == NGX_OK) {
        return NGX_OK;
    }

    ngx_http_close_request(r, 0);

    return NGX_ERROR;
}
| |
| |
/*
 * Write event handler used while a response is being sent.
 *
 * A timed-out write event finalizes the request with
 * NGX_HTTP_REQUEST_TIME_OUT.  While the event is delayed or r->aio is
 * set, nothing is written and the event is only re-registered.
 * Otherwise the output filter chain is run with a NULL chain; if data
 * is still buffered or postponed afterwards the handler re-arms itself,
 * else the request is finalized with the filter's result.
 *
 * The send timer is armed from clcf->send_timeout each time the handler
 * re-arms while the event is not delayed.
 */
static void
ngx_http_writer(ngx_http_request_t *r)
{
    ngx_int_t                  rc;
    ngx_event_t               *wev;
    ngx_connection_t          *c;
    ngx_http_core_loc_conf_t  *clcf;

    c = r->connection;
    wev = c->write;

    ngx_log_debug2(NGX_LOG_DEBUG_HTTP, wev->log, 0,
                   "http writer handler: \"%V?%V\"", &r->uri, &r->args);

    /* timeouts and lowat come from the main request's location */
    clcf = ngx_http_get_module_loc_conf(r->main, ngx_http_core_module);

    if (wev->timedout) {
        ngx_log_error(NGX_LOG_INFO, c->log, NGX_ETIMEDOUT,
                      "client timed out");
        c->timedout = 1;

        ngx_http_finalize_request(r, NGX_HTTP_REQUEST_TIME_OUT);
        return;
    }

    if (wev->delayed || r->aio) {
        ngx_log_debug0(NGX_LOG_DEBUG_HTTP, wev->log, 0,
                       "http writer delayed");

        if (!wev->delayed) {
            ngx_add_timer(wev, clcf->send_timeout);
        }

        if (ngx_handle_write_event(wev, clcf->send_lowat) != NGX_OK) {
            ngx_http_close_request(r, 0);
        }

        return;
    }

    /* a NULL chain asks the filters to flush what they already hold */
    rc = ngx_http_output_filter(r, NULL);

    ngx_log_debug3(NGX_LOG_DEBUG_HTTP, c->log, 0,
                   "http writer output filter: %i, \"%V?%V\"",
                   rc, &r->uri, &r->args);

    if (rc == NGX_ERROR) {
        ngx_http_finalize_request(r, rc);
        return;
    }

    /* connection-level buffering counts only for the main request */
    if (r->buffered || r->postponed || (r == r->main && c->buffered)) {

        if (!wev->delayed) {
            ngx_add_timer(wev, clcf->send_timeout);
        }

        if (ngx_handle_write_event(wev, clcf->send_lowat) != NGX_OK) {
            ngx_http_close_request(r, 0);
        }

        return;
    }

    ngx_log_debug2(NGX_LOG_DEBUG_HTTP, wev->log, 0,
                   "http writer done: \"%V?%V\"", &r->uri, &r->args);

    /* everything is out: stop reacting to further write events */
    r->write_event_handler = ngx_http_request_empty_handler;

    ngx_http_finalize_request(r, rc);
}
| |
| |
/*
 * Write event handler that finalizes request "r" with result code 0.
 * Installed as r->write_event_handler by ngx_http_finalize_request()
 * for a non-active subrequest and by ngx_http_terminate_request() for
 * a blocked main request.
 */
static void
ngx_http_request_finalizer(ngx_http_request_t *r)
{
    ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
                   "http finalizer done: \"%V?%V\"", &r->uri, &r->args);

    ngx_http_finalize_request(r, 0);
}
| |
| |
/*
 * Read event handler that stops read notifications for the request's
 * connection.  The read event is deleted only when the event method
 * has NGX_USE_LEVEL_EVENT set and the event is active; if the deletion
 * fails the request is closed.
 */
void
ngx_http_block_reading(ngx_http_request_t *r)
{
    ngx_event_t  *rev;

    ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
                   "http reading blocked");

    /* aio does not call this handler */

    if (!(ngx_event_flags & NGX_USE_LEVEL_EVENT)) {
        return;
    }

    rev = r->connection->read;

    if (!rev->active) {
        return;
    }

    if (ngx_del_event(rev, NGX_READ_EVENT, 0) != NGX_OK) {
        ngx_http_close_request(r, 0);
    }
}
|